External risk intelligence

Cisco Catalyst SD-WAN Manager could allow external attackers to view sensitive information

Cisco Catalyst SD-WAN Manager could allow an attacker with administrative privileges to view sensitive system information, potentially compromising internal data confidentiality. Active exploitation is confirmed, requiring immediate assessment and mitigation per CISA guidelines.

NVD published February 25, 2026

External risk brief | Known Exploit

CVE-2026-20133

Halo Surface Signal

2/5

The product is a central network management console typically deployed within restricted, internal network segments for administrative access. While the service is network-accessible, it is not intended for direct public internet exposure and is generally isolated from the public web via VPNs or internal access controls, making widespread public internet reachability uncommon.

Exposure facts

H – Horizon Alert

A security issue has been identified in Cisco Catalyst SD-WAN Software resulting from insufficient file system restrictions. This vulnerability could allow an individual with administrative access to view sensitive information on the underlying operating system. Protecting this system is important, as the unauthorized exposure of this data could compromise the confidentiality of the internal environment.

A – Asset Exposure

This vulnerability affects Cisco Catalyst SD-WAN Manager systems, which are typically deployed within protected internal network environments. If an attacker possesses existing administrative privileges on the system, they could potentially bypass file system restrictions to access unauthorized areas. This may result in the exposure of sensitive information residing on the underlying operating system.

L – Live Threat

Active exploitation of this vulnerability has been confirmed, as it is officially tracked within CISA’s Known Exploited Vulnerabilities catalog. This flaw allows unauthorized access to sensitive system information, presenting a verified risk to organizations leveraging these systems. Because evidence confirms this issue is being targeted in the wild, it warrants careful attention from your security stakeholders.

O – Operational Fix

Please prioritize assessing your environment by reviewing CISA’s Emergency Directive 26-03 and the Hunt & Hardening Guidance for Cisco SD-WAN devices to mitigate risks effectively. If these necessary mitigations cannot be implemented, we recommend adhering to BOD 22-01 guidance or evaluating the discontinuation of the product. Taking these steps will ensure your organization remains aligned with official security mandates regarding the Cisco Catalyst SD-WAN Manager.
