Cisco Warns of Ongoing Exploitation of Critical Bug in Popular Networking Products
Cisco has confirmed that, for at least three years, hackers have been exploiting a critical bug in one of its popular networking products used by large enterprises, prompting the U.S. government and its allies to urge organizations to take action. The bug, which has a maximum-rated vulnerability severity score of 10.0, allows hackers to remotely break into networks running Cisco's Catalyst SD-WAN products, which enable large companies and government agencies with multiple offices to connect their private networks over long distances.
Exploitation of this bug lets hackers gain the highest level of permissions on these devices and maintain persistent hidden access inside a victim’s network, allowing them to spy or steal data over a prolonged period. Cisco said that, after discovering the bug, its researchers traced evidence of exploitation as far back as 2023. Some of the affected organizations are said to be critical infrastructure, including power grids, water supply, and transportation sectors.
Several governments, including Australia, Canada, New Zealand, the United Kingdom, and the United States, have warned in an alert that threat actors are targeting organizations globally. The U.S. cybersecurity agency CISA has ordered all civilian federal agencies to patch their systems by end-of-day Friday, citing an imminent threat and unacceptable risk to the federal government.
Cisco did not provide specifics on the affected organizations but described them as "critical infrastructure." Neither Cisco nor the governments attributed the attacks to a specific threat group or nation state, though they tracked one cluster of activity as UAT-8616. In December, Cisco warned of a similarly rated 10.0 vulnerability in the Async software that runs most of its products, which was being actively used to hack into its customer networks.
The discovery and warning from Cisco highlight the ongoing threat of data breaches and malware attacks on critical infrastructure. As organizations continue to rely on complex networks and systems, it is essential for them to prioritize cybersecurity measures and regularly update their software to prevent exploitation of vulnerabilities like this one. The incident also underscores the importance of collaboration between governments, cybersecurity agencies, and companies in sharing information and best practices to combat cyber threats.
In conclusion, the ongoing exploitation of a critical bug in Cisco's Catalyst SD-WAN products poses a significant risk to organizations around the world, particularly those with critical infrastructure. Organizations must take immediate action to patch their systems and implement robust cybersecurity measures to prevent further breaches. It is also essential for governments and cybersecurity agencies to continue sharing information and best practices to combat cyber threats and protect national security.