A vulnerability with a severity score of 10.0 in Cisco's Catalyst SD-WAN products has been exploited by hackers for at least three years, prompting urgent alerts from the U.S. government and allied nations. The flaw enables unauthorized remote access to large enterprise and government networks, allowing threat actors to maintain hidden access for extended periods and potentially compromise sensitive data.
The U.S. cybersecurity agency CISA has mandated that all civilian federal agencies apply the necessary patches by the end of the day on Friday because of the imminent threat posed by this exploitation. The agency noted that it is currently operating at reduced capacity amid a partial government shutdown but remains aware of the ongoing risks.
Many of the affected organizations are classified as critical infrastructure, which can include essential services such as power, water supply, and transportation. Cisco has traced exploitation of this vulnerability back to 2023 but has not named the affected entities or the threat groups responsible, beyond noting that one activity cluster is tracked as UAT-8616.