New Cisco SD-WAN Zero-Day Grants Admin Access

A critical zero-day vulnerability in Cisco's Catalyst SD-WAN Controller is being actively exploited, allowing attackers to gain administrative access without authentication. The vulnerability, which stems from a flawed peering authentication mechanism in the vdaemon component, enables unauthenticated attackers to bypass security controls and assume admin privileges. This maximum-severity vulnerability is particularly concerning, as it grants attackers complete control over the affected system. The fact that this vulnerability is being actively exploited¹ means that the window for patching and mitigating the vulnerability is rapidly shrinking. Cisco users must assess their exposure to this vulnerability immediately to prevent potential attacks. The exploitation of this vulnerability highlights the importance of prompt patching and highlights the potential consequences of delayed action, so what matters most to practitioners is the urgent need to evaluate their systems' vulnerability to this exploit and apply necessary patches to prevent administrative access falling into the wrong hands.