CVE-2026-20182
Cisco · Catalyst SD-WAN
A vulnerability in the control connection handshaking of Cisco Catalyst SD-WAN allows unauthenticated, remote attackers to bypass authentication and obtain administrative access.
Executive summary
A critical authentication bypass vulnerability in Cisco Catalyst SD-WAN control connections is being actively exploited in the wild, posing an immediate threat to network integrity.
Vulnerability
This flaw exists within the control connection handshaking process, enabling an unauthenticated attacker to bypass authentication. Exploitation allows the attacker to log in as a high-privileged user and manipulate the SD-WAN fabric via NETCONF.
Business impact
This vulnerability is assigned a CVSS score of 10.0 and permits full administrative control over the SD-WAN fabric. Successful exploitation could result in complete compromise of network traffic, unauthorized data exfiltration, and significant disruption to enterprise-wide network operations.
Remediation
Immediate Action: Update all Cisco Catalyst SD-WAN components to the latest version provided by the vendor to address the control connection handshake flaw.
Proactive Monitoring: Use the vendor-provided "Show Control Connections" guidance to verify system integrity and identify anomalous connection attempts.
Compensating Controls: Deploy strict firewall rules to limit management plane access and monitor for unauthorized administrative sessions.
Exploitation status
Public Exploit Available: True
Analyst recommendation
Organizations must treat this as a high-priority incident. Beyond applying the necessary updates, security teams should conduct a thorough audit of all control plane connections and review logs for signs of compromise to ensure the environment has not been subverted by attackers.