External risk intelligence
Cisco Catalyst SD-WAN Manager could allow external attackers to gain privileged access
Cisco Catalyst SD-WAN Manager could allow external attackers to steal stored credentials, potentially exposing critical network controls and operational systems to compromise. This vulnerability is currently being actively exploited in the wild, necessitating immediate attention to secure our environment.
Halo Surface Signal
4/5
The product is a management console for network infrastructure. These systems typically feature web-based interfaces used for centralized administrative control and management of remote network devices. Such management surfaces are commonly deployed as web-accessible portals or APIs to facilitate remote administration and connectivity, making them a likely target for network-based access.
Exposure facts
H – Horizon Alert
A security vulnerability has been identified within the Cisco Catalyst SD-WAN Manager concerning the storage of account credentials. An unauthorized remote user could potentially exploit this to access sensitive files, allowing them to gain privileged control over the system. This presents a notable business risk, as it may provide an attacker with unauthorized access to critical administrative functions.
A – Asset Exposure
This vulnerability impacts the Data Collection Agent (DCA) feature within the Cisco Catalyst SD-WAN Manager. If these management systems are reachable remotely, an attacker could extract stored credentials to gain unauthorized DCA user privileges. Consequently, this could lead to broader compromise of interconnected infrastructure, affecting essential network controls and critical operational systems.
L – Live Threat
This vulnerability is currently listed in the CISA Known Exploited Vulnerabilities catalog, which confirms that there is evidence of active exploitation occurring in the wild. Because threat actors are known to be targeting this flaw to gain unauthorized system access, the associated risk is elevated. We recommend maintaining heightened situational awareness regarding any unusual activity within your environment.
O – Operational Fix
To address this security concern, prioritize applying the latest software updates provided by the vendor; this is the primary recommendation for resolving the identified issue and securing your environment. Additionally, consult the CISA Emergency Directive and the official hardening guidance for Cisco SD-WAN devices to ensure all appropriate security measures are active. If an immediate update is not feasible, validate your current system configuration and closely follow the vendor's provided instructions to mitigate potential risks.