Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Summary
Cisco has disclosed that CVE-2023-20177, a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, has been exploited in zero-day attacks since 2023. The vulnerability allows remote attackers to compromise controllers and add malicious peers to networks.
IFF Assessment
Active exploitation of a critical vulnerability is bad news for defenders.
Defender Context
This zero-day exploitation highlights the importance of prompt patching and robust network monitoring. Defenders should immediately apply the provided patch and investigate their networks for any signs of compromise related to this vulnerability, paying close attention to unauthorized SD-WAN devices or controllers. The fact that the vulnerability has been exploited since 2023 means that persistence and thorough investigation are warranted.