Cisco Urges Admins to Fix IOS Software Zero-Day Exploited in Attacks

Cyber Security Threat Summary:
Multiple vulnerabilities have been identified in Cisco Catalyst SD-WAN Manager (formerly Cisco SD-WAN vManage). These vulnerabilities could potentially allow attackers to access an affected instance or cause a denial of service (DoS) condition on the affected system. Cisco has taken action to address these vulnerabilities through software updates.

"Although exploiting this vulnerability demands significant access to the target environment, threat actors have already initiated attacks, as reported by the company in the same advisory. Cisco identified attempted exploitation of the GET VPN feature during a technical code review as part of their internal investigation. The advisory emphasizes the importance of customers upgrading to a fixed software release to address this vulnerability. Furthermore, on Wednesday, Cisco released security patches to address a critical vulnerability in the Security Assertion Markup Language (SAML) APIs within the Catalyst SD-WAN Manager network management software."

Security Officer Comments:
These vulnerabilities in Cisco Catalyst SD-WAN Manager could pose significant security risks to organizations using the platform. Access to the affected instance or a DoS attack could result in service disruptions and potential data breaches. Cisco's prompt release of software updates is a positive step towards mitigating these risks. Organizations using Cisco Catalyst SD-WAN Manager should prioritize the installation of the provided software updates to ensure their systems are protected against these vulnerabilities. It's important to stay informed about security advisories and take action promptly to maintain a secure network environment.

Suggested Correction(s):
The primary mitigation for these vulnerabilities is to apply the software updates released by Cisco. There are no identified workarounds to address these vulnerabilities. To ensure the security of Cisco Catalyst SD-WAN Manager:

  • Visit the Cisco Security Advisories and Alerts page to access detailed information about the vulnerabilities, including affected versions and software updates.
  • Download and apply the relevant software updates as recommended by Cisco.
  • Follow best practices for network security, including restricting access to management interfaces and regularly monitoring for unusual or unauthorized activity.

Staying proactive and keeping software and hardware up to date is crucial for maintaining a secure network infrastructure. Organizations should also have an incident response plan in place to swiftly address any potential security incidents or breaches.