Five Eyes Urgent Warning: Patch Your Cisco SD-WAN to Prevent Root Takeover!

The Five Eyes intelligence alliance is urgently warning defenders to patch two Cisco Catalyst SD-WAN vulnerabilities used in attacks. Following a discovery by the Australian Signals Directorate (ASD), all five intelligence agencies co-signed the alert, confirming that hackers are attempting to exploit these vulnerabilities for persistent access.

🔍 What You Need to Know

  • Malicious cyber threat actors are targeting Cisco Catalyst SD-WAN devices globally.
  • The first vulnerability, CVE-2022-20775 (CVSS 7.8), is a path traversal vulnerability in the command line interface that allows privilege escalation.
  • The second, CVE-2026-20127 (CVSS 10.0), is a max-severity bug that grants hackers admin rights upon successful exploitation.

According to Cisco Talos, the attacks attributed to a group known as UAT-8616 suggest that these vulnerabilities have been exploited since at least 2023. The report indicates that attackers first gain admin rights before downgrading the SD-WAN’s software version to achieve root access.

Defenders are strongly urged to follow the Five Eyes Hunt Guide to identify signs of compromise. If any signs are found, share the data with relevant security authorities and upgrade to the latest version of Cisco Catalyst SD-WAN Controller/Manager.

NCSC CTO Ollie Whitehouse emphasized the importance of investigating exposure to network compromise and hunting for malicious activity. UK organizations are advised to report compromises to the NCSC and apply vendor updates promptly to mitigate risks.

This post is licensed under CC BY 4.0 by the author.