Cisco says hackers have been exploiting a flaw in one of its popular networking products used by big businesses for at least three years, prompting the US government and its allies to urge agencies to take action.
The flaw, which has a maximum vulnerability severity score of 10.0, allows hackers to remotely break into networks running Catalyst SD-WAN products, which enable large corporations and government agencies with multiple offices to connect their private networks over long distances.
By exploiting this flaw over the Internet, hackers can gain the highest level of permissions on these devices and maintain permanent covert access to the victim’s network, allowing them to spy or steal data for an extended period of time.
Cisco said that after discovering the bug, its researchers found signs of exploitation as early as 2023. Some of the affected organizations are said to be critical infrastructure. The company did not provide details, but “critical infrastructure” can refer to everything from power grids and water supply to the transport sector.
Several governments, including Australia, Canada, New Zealand, the United Kingdom and the United States, have warned in a notice that threat actors are targeting organizations “globally”.
The US cybersecurity agency CISA ordered all civilian federal agencies to patch their systems by the end of the day on Friday, citing an imminent threat and unacceptable risk to the federal government. The federal cybersecurity agency, which is currently operating at reduced capacity due to a partial government shutdown, said it was aware of the ongoing exploitation.
Neither Cisco nor the governments attributed the attacks to a specific threat group or nation state, if known, but they tracked the cluster of activity as UAT-8616.
In December, Cisco warned of a similar 10.0-scoring vulnerability in the Async software that runs most of its products, which was being actively exploited to breach its customers’ networks.
