Malicious cyber threat actors have exploited multiple vulnerabilities in Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, allowing an attacker to access an affected system, elevate privileges to root, gain access to sensitive information and overwrite arbitrary files.
The vulnerabilities affect Cisco Catalyst SD-WAN Manager, regardless of device configuration.
As a result, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has partnered with several other agencies to co-author a Cisco SD-WAN Threat Hunt Guide.
Advice for Cisco SD-WAN owners includes collecting artifacts such as virtual snapshots and log-offs; reviewing Cisco’s advisories; hunting for evidence of compromise as outlined in the Hunt Guide; and implementing the Cisco Catalyst SD-WAN Hardening Guide.
Cisco has subsequently released software updates that address these vulnerabilities and has strongly recommended that customers upgrade to the fixed software indicated in its advisory.




