External risk intelligence
Cisco Catalyst SD-WAN could allow external attackers to manipulate network controls.
Cisco Catalyst SD-WAN Controller and Manager could allow external attackers to bypass authentication and gain administrative control. This enables attackers to manipulate network configurations, posing a risk to service availability. Active exploitation has been confirmed.
Halo Surface Signal
5/5. The vulnerability affects Cisco Catalyst SD-WAN Controller and Manager, which function as centralized gateways and management surfaces for network infrastructure. These systems are critical control points often deployed in edge-adjacent roles. Per the scoring guidance for Cisco network infrastructure, the score reflects its status as a high-value, network-facing administrative surface.
Exposure facts
H – Horizon Alert
A security vulnerability has been identified within Cisco Catalyst SD-WAN Controller and Manager systems related to their peering authentication mechanism. This flaw could allow an unauthorized, remote user to bypass security controls and gain administrative access to the platform. If exploited, this access could enable an attacker to manipulate network configurations for the SD-WAN fabric, potentially compromising the integrity and control of our network infrastructure.
A – Asset Exposure
This vulnerability affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager platforms. An attacker could bypass authentication mechanisms to gain administrative privileges on the system. This access could enable unauthorized modification of network configuration across the SD-WAN fabric, potentially impacting essential network controls and service availability.
L – Live Threat
This vulnerability is included in the CISA Known Exploited Vulnerabilities catalog, confirming that active exploitation has been observed in the wild. Because the issue allows unauthorized administrative access to critical network management infrastructure, there is a significant potential for impact on the security and integrity of the managed network. Although specific involvement in known ransomware campaigns remains unconfirmed, the inclusion in this federal registry identifies this as a high-priority risk signal.
O – Operational Fix
Our organization should prioritize immediate alignment with CISA Emergency Directive 26-03 regarding our Cisco SD-WAN infrastructure. Please direct technical teams to implement the specific Hunt & Hardening Guidance provided by CISA to assess exposure and secure affected controllers and managers. If the recommended security mitigations cannot be successfully applied, we must evaluate our ability to maintain operation of these services in accordance with established compliance standards.