An unauthenticated remote code execution vulnerability in Cisco Secure Workload allows attackers to bypass authentication and gain full administrative control over site resources.

This is an authentication bypass vulnerability affecting internal REST API endpoints. Unauthenticated attackers can send specifically crafted requests to these endpoints, successfully masquerading as a Site Admin user.

A successful exploitation grants an attacker full administrative privileges, leading to unauthorized data exfiltration, modification of network security policies, and complete compromise of the Secure Workload environment. Given the critical CVSS score of 10.0, this vulnerability presents an immediate, catastrophic risk to organizational security and operational integrity.

Immediate Action: Apply the latest security patches provided by Cisco immediately.

Proactive Monitoring: Audit REST API access logs for anomalous, high-privilege requests originating from unauthorized or external IP addresses.

Compensating Controls: Implement strict network segmentation and restrict access to the Secure Workload management interfaces to trusted administrative subnets only.

Public Exploit Available: false

The severity of this flaw necessitates immediate remediation. Administrators must prioritize applying vendor-supplied updates to all affected Secure Workload instances to close the authentication bypass vector and prevent unauthorized administrative access.