Attackers Are Exploiting an Unpatched Cisco Flaw


TL;DR: Cisco has revealed a critical, unpatched vulnerability in its Catalyst SD-WAN Manager software. Attackers are actively exploiting it to gain full control of affected systems, and there is currently no fix available from the company.

By Neeraj Dhiman · 3h ago · 2 min read · updated 1h ago

Key facts

  • Category: Cybersecurity
  • Impact: Critical
  • Published: 3h ago
  • Source: BleepingComputer

Full summary

Cisco warns a critical vulnerability in its SD-WAN Manager is being actively exploited by attackers, and no patch is available yet.

Cisco has issued an urgent security advisory for a high-severity vulnerability in its Catalyst SD-WAN Manager software. The flaw, tracked as CVE-2024-20265, is a zero-day, meaning it was discovered being actively exploited by attackers before a patch was developed. The vulnerability allows an unauthorized user to execute commands with root-level privileges on the affected system. Gaining root access is the highest level of control an attacker can achieve, effectively giving them complete command over the device. Cisco confirmed it has observed active exploitation of this vulnerability in the wild, though it has not shared details about the attackers or their targets. The company has not yet released a software update to address the issue, leaving many of its enterprise customers in a vulnerable position.

The impact of this vulnerability is significant because the Catalyst SD-WAN Manager is a central component for managing and securing wide-area networks for many large organizations. A compromise of this system could have devastating consequences. Attackers with root access could potentially intercept or alter network traffic, deploy malware across the corporate network, access sensitive internal data, or cause widespread service disruptions. This puts any organization using the affected software at immediate risk of a serious security breach. The lack of a patch or any official workarounds means that traditional methods of mitigation are not available, heightening the urgency for IT and security teams to monitor their systems for any signs of compromise.

Cisco is currently developing a software fix to address the vulnerability, but a specific release date has not been announced. The company advises customers to monitor its security advisory page for updates. In the meantime, security teams should focus on implementing robust monitoring and detection measures to identify any suspicious activity on their SD-WAN Manager instances. This includes looking for unauthorized configuration changes, unusual command executions, or unexpected outbound network connections. Given the active exploitation, organizations must assume they are a potential target and act accordingly until a permanent solution is available.

⚡ Action needed

Cisco has not yet released a patch. Administrators should monitor their Catalyst SD-WAN Manager instances for signs of compromise and prepare to apply the security update as soon as it becomes available.

Action checklist

  1. Identify all Cisco Catalyst SD-WAN Manager instances in your environment.
  2. Monitor systems for signs of unauthorized access or unusual activity.
  3. Review access logs for any suspicious command executions.
  4. Subscribe to the official Cisco security advisory for CVE-2024-20265.
  5. Prepare to deploy the patch immediately upon its release.

Primary source: BleepingComputer
© 2026 Notifire