CVE-2026-20127

Cisco · Catalyst SD-WAN

A peering authentication flaw in Cisco Catalyst SD-WAN controllers allows unauthenticated, remote attackers to bypass authentication and gain administrative privileges.

Executive summary

A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN has been identified and is being actively exploited in the wild.

Vulnerability

This vulnerability involves a failure in the peering authentication mechanism, allowing an unauthenticated remote attacker to send crafted requests to the system. Successful exploitation grants the attacker administrative access to the SD-WAN fabric via NETCONF.

Business impact

With a CVSS score of 10.0, this vulnerability represents the highest level of risk to organizational infrastructure. An attacker gaining administrative control over the SD-WAN fabric can manipulate network traffic, intercept sensitive data, or disrupt critical business communications, leading to severe reputational damage and operational downtime.

Remediation

Immediate Action: Apply the latest security patches provided by Cisco to resolve the authentication bypass.

Proactive Monitoring: Review system and network access logs for unusual NETCONF activity or unauthorized administrative logins.

Compensating Controls: Implement strict network segmentation and restrict access to the SD-WAN control plane to trusted management IP addresses only.
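
One way to carry out the NETCONF review and verify the management-IP restriction described above, as an added example that is not part of the original advisory or any Cisco tooling: it scans flow records for connections to controller addresses on TCP 830 (the standard NETCONF-over-SSH port, RFC 6242) from sources outside the trusted management ranges. The CSV layout, controller addresses, trusted ranges and sample records are assumptions constructed for the example.

```python
import csv
import io
import ipaddress

# Standard NETCONF-over-SSH port (RFC 6242); adjust if your deployment differs.
NETCONF_SSH_PORT = 830

# Assumed values for illustration: trusted management ranges and controller IPs.
TRUSTED_MGMT = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "192.0.2.10/32")]
CONTROLLERS = {ipaddress.ip_address(a) for a in ("10.50.1.5", "10.50.1.6")}

# Constructed flow records in a hypothetical CSV export format; not real data.
SAMPLE_FLOWS = """\
ts,src,dst,dport,action
2026-01-10T08:01:12Z,10.20.0.15,10.50.1.5,830,allow
2026-01-10T08:03:40Z,203.0.113.77,10.50.1.5,830,allow
2026-01-10T08:04:02Z,203.0.113.77,10.50.1.6,830,deny
2026-01-10T08:05:55Z,10.20.0.15,10.50.1.6,443,allow
2026-01-10T08:07:31Z,198.51.100.9,10.50.1.6,830,allow
2026-01-10T08:09:00Z,not-an-ip,10.50.1.5,830,allow
"""

def is_trusted(addr):
    """True if addr falls inside any trusted management range."""
    return any(addr in net for net in TRUSTED_MGMT)

def find_untrusted_netconf(flow_csv):
    """Return (findings, malformed): NETCONF flows to controllers from
    untrusted sources, plus rows that could not be parsed."""
    findings, malformed = [], []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, KeyError, TypeError):
            malformed.append(row)  # keep for manual review, do not drop silently
            continue
        if dst in CONTROLLERS and dport == NETCONF_SSH_PORT and not is_trusted(src):
            findings.append((row["ts"], str(src), str(dst), row["action"]))
    return findings, malformed

if __name__ == "__main__":
    hits, bad = find_untrusted_netconf(SAMPLE_FLOWS)
    for ts, src, dst, action in hits:
        print(f"{ts} NETCONF {src} -> {dst} action={action}")
    print(f"{len(bad)} malformed record(s) need manual review")
```

An `allow` finding means the control-plane restriction is not in effect for that source; a `deny` finding shows the restriction working but still identifies a source worth investigating.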

Exploitation status

Public Exploit Available: True

Analyst recommendation

The extreme severity of this vulnerability, combined with confirmed active exploitation, necessitates an immediate emergency response. Organizations should prioritize patching all Cisco Catalyst SD-WAN controllers and perform a thorough forensic review of their network configurations to ensure no unauthorized changes have been introduced.