Cisco Discloses Major Vulnerability Exploited by Hackers for Years
According to the Economic Desk of Webangah News Agency, Cisco has disclosed that hackers have been exploiting a critical vulnerability in one of its widely used networking products for a minimum of three years. This ongoing exploitation has prompted the United States government and its allies to urge organizations to implement immediate fixes.
The vulnerability, which carries a maximum Common Vulnerability Scoring System (CVSS) severity score of 10.0, grants attackers remote access to networks operating Cisco Catalyst SD-WAN products. These products are utilized by major corporations and government entities with multiple branches to establish and manage their private networks over long distances.
By leveraging this flaw via the internet, hackers can gain the highest level of privileges on these devices, enabling them to maintain persistent, covert access within the victim’s network. This allows for prolonged periods of data espionage or theft.
Cisco stated that its researchers have traced evidence of exploitation back to 2023, following the discovery of the flaw. It has been reported that some of the affected organizations include critical infrastructure operators. The technology company did not provide further specifics, but the term “critical infrastructure” can encompass a wide range of essential services, from power and water grids to transportation networks.
Multiple governments, including those of Australia, Canada, New Zealand, the United Kingdom, and the United States, issued a joint warning, alerting that threat actors are targeting organizations on a global scale.
The US Cybersecurity and Infrastructure Security Agency (CISA) mandated all federal civilian agencies to patch their systems by the end of Friday, citing an imminent threat and an unacceptable risk to federal government operations. CISA, currently operating at reduced capacity due to a partial government shutdown, acknowledged awareness of the ongoing exploitation.
Neither Cisco nor the governments have attributed these attacks to a specific threat group or national state, according to TechCrunch. However, a cluster of activity has been tracked under the designation UAT-8616. This development follows a similar alert issued by Cisco last December regarding a high-severity vulnerability (rated 10.0) in its AsyncOS software, which powers many of its products and was actively being used to compromise customer networks.
