
Cisco Warns Critical Network Bug Exploited by Hackers Since 2023
Technology giant Cisco has revealed that hackers have been actively exploiting a critical vulnerability in its popular networking products for at least three years, breaking into the networks of large enterprises and government agencies worldwide.
The vulnerability, which carries the maximum severity rating of 10.0, affects Cisco's Catalyst SD-WAN products—systems that enable large companies and government organisations with multiple offices to connect their private networks across long distances.
According to Cisco's security advisory, the bug allows hackers to remotely infiltrate networks running these products by exploiting the flaw over the internet. Once inside, attackers can gain the highest level of permissions on compromised devices and maintain persistent, hidden access within a victim's network for extended periods, enabling long-term espionage or data theft.
After discovering the vulnerability, Cisco's Talos security researchers traced evidence of active exploitation back to 2023. The company confirmed that some affected organisations include critical infrastructure providers, though specific entities were not named. Critical infrastructure typically encompasses power grids, water supply systems, transportation networks, and other essential services.
Several governments have now issued urgent warnings about the threat. Cybersecurity agencies from Australia, Canada, New Zealand, the United Kingdom, and the United States issued a joint alert stating that threat actors are targeting organisations globally through this vulnerability.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken particularly strong action, ordering all civilian federal agencies to patch their systems by end-of-day Friday. CISA cited an imminent threat and unacceptable risk to the federal government, noting it was aware of ongoing exploitation in the wild.
The directive comes as CISA itself is reportedly operating at reduced capacity due to a partial government shutdown, adding urgency to the situation. Neither Cisco nor the allied governments have attributed the attacks to a specific threat actor or group.
Security experts are urging all organisations using Cisco Catalyst SD-WAN products to immediately apply available patches and review their networks for signs of compromise. The maximum severity rating of the vulnerability underscores the critical nature of the threat and the need for swift remediation.
Source: This article was originally published by TechCrunch. All rights reserved to the original publisher.
