Cisco has confirmed that a previously unknown security flaw in its SD-WAN (Software-Defined Wide Area Network) software is being actively exploited, with no patch yet available. The vulnerability, a zero-day, allows remote code execution, so an attacker who can reach a vulnerable device can take full control of it. Cisco has urged customers to apply interim mitigations, such as access control lists that limit which hosts can reach affected devices and disabling certain services. These reduce exposure but do not remove the flaw; they are stopgaps until a fix ships.
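The access-control-list mitigation only helps if the ACL in front of the management interface actually admits nothing but the approved jump hosts, and first-match ACLs are easy to get wrong: a broad "allow HTTPS to the subnet" entry further down quietly re-exposes the device. The script below is an added example, not Cisco's code or configuration, that models first-match ACL evaluation and reports every permit entry that still lets a non-allowlisted source reach the management port. The rule sets, addresses (TEST-NET-1 and RFC 1918 ranges) and the jump-host allowlist are constructed for illustration; real SD-WAN ACL syntax differs by platform, so treat this as a way to check the intended policy before and after an ACL change, not as the change itself.

```python
"""Exposure audit for an interim ACL mitigation.

Given a first-match ACL in front of a management interface, find permit entries that
let sources outside the approved jump-host allowlist reach the management port.
Added example, not Cisco's code; every rule set and address below is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    src: Net              # source network
    dst: Net              # destination network
    port: Optional[int]   # destination TCP port, None = any (protocol ignored for brevity)


def R(action, src, dst, port=None):
    """Small constructor so the constructed rule sets read like ACL lines."""
    return Rule(action, Net(src), Net(dst), port)


def first_match(rules, src_ip, dst_ip, port):
    """Evaluate an ACL the way Cisco does: first matching entry wins, implicit deny at the end."""
    src_ip, dst_ip = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if src_ip in r.src and dst_ip in r.dst and (r.port is None or r.port == port):
            return r.action
    return "deny"


def witness_outside(net, allowlist):
    """Return an address inside `net` that no allowlist network covers, or None if fully allowed."""
    candidates = [net]
    for allowed in allowlist:
        remaining = []
        for c in candidates:
            if c.subnet_of(allowed):          # entirely inside the allowlist: drop it
                continue
            if allowed.subnet_of(c):          # carve the allowed block out of this candidate
                remaining.extend(c.address_exclude(allowed))
            else:
                remaining.append(c)
        candidates = remaining
    return candidates[0].network_address if candidates else None


def audit(rules, mgmt_ip, mgmt_port, allowlist):
    """List (rule_src, witness_ip) for every permit that actually admits a non-allowlisted source."""
    mgmt_ip = ipaddress.ip_address(mgmt_ip)
    allowlist = [Net(a) for a in allowlist]
    findings = []
    for r in rules:
        if r.action != "permit" or mgmt_ip not in r.dst:
            continue
        if r.port is not None and r.port != mgmt_port:
            continue
        w = witness_outside(r.src, allowlist)
        # An earlier deny may shadow this permit, so confirm with a real first-match evaluation.
        if w is not None and first_match(rules, w, mgmt_ip, mgmt_port) == "permit":
            findings.append((str(r.src), str(w)))
    return findings


# Constructed scenario: one management interface, reachable only from a jump-host subnet.
MGMT_IP, MGMT_PORT = "192.0.2.10", 443
JUMP_HOSTS = ["10.10.0.0/24"]

# Pre-mitigation ACL: a legacy "allow HTTPS to the whole subnet" entry below the jump-host
# entry silently exposes the management port to any source.
BEFORE = [
    R("permit", "10.10.0.0/24", "192.0.2.10/32", 443),
    R("permit", "0.0.0.0/0",    "192.0.2.0/24",  443),
    R("deny",   "0.0.0.0/0",    "0.0.0.0/0"),
]

# Mitigated ACL: an explicit deny for the management host is placed ahead of the broad entry.
# Ordering, not just the set of entries, is what closes the exposure.
AFTER = [
    R("permit", "10.10.0.0/24", "192.0.2.10/32", 443),
    R("deny",   "0.0.0.0/0",    "192.0.2.10/32", 443),
    R("permit", "0.0.0.0/0",    "192.0.2.0/24",  443),
    R("deny",   "0.0.0.0/0",    "0.0.0.0/0"),
]


def run_demo():
    """Audit both rule sets; returns (findings_before, findings_after)."""
    before = audit(BEFORE, MGMT_IP, MGMT_PORT, JUMP_HOSTS)
    after = audit(AFTER, MGMT_IP, MGMT_PORT, JUMP_HOSTS)
    return before, after


if __name__ == "__main__":
    b, a = run_demo()
    print("before mitigation, management port exposed via:", b)
    print("after mitigation, management port exposed via:", a)
```

The witness step matters: checking whether a permit's source range is "in the allowlist" is not enough, because a range such as 10.0.0.0/8 can contain the allowlist and still admit everything around it. Carving the allowed blocks out and re-evaluating the full ACL with a concrete leftover address is what makes the result trustworthy, including when a deny placed earlier shadows a broad permit.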
SD-WAN technology is widely used by UK enterprises and public sector organisations to manage and secure wide-area networks, a role that has grown as hybrid working has become the norm. The flaw affects both the cloud-hosted and on-premises versions of Cisco's SD-WAN solution, so the exposed population is potentially thousands of networks. Security researchers have observed targeted attacks, but the full scale of exploitation is not yet clear.
For UK businesses, the implications extend beyond immediate network security. Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, organisations must implement appropriate technical and organisational measures to protect personal data, and must report a personal data breach to the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it unless it is unlikely to result in a risk to individuals. A breach stemming from this vulnerability could therefore lead to regulatory action by the ICO as well as reputational damage. The EU's AI Act is not engaged by a network vulnerability of this kind, but the broader regulatory push for cyber-resilience in digital infrastructure is relevant.
Dr. Sarah Chen, a cybersecurity lecturer at the University of Manchester, commented: 'This is a serious wake-up call for UK IT teams. SD-WAN is the backbone of many corporate networks, and a zero-day with active exploitation means attackers have a head start. The lack of a patch forces businesses into a reactive posture, which is never ideal. Organisations should isolate affected devices and monitor logs intensively.'
The vulnerability also poses risks to the UK economy: network outages or data theft can disrupt supply chains, financial services and remote work. Small and medium-sized enterprises, which often lack dedicated cybersecurity staff, may be particularly exposed. Cisco has not given a timeline for a fix, leaving UK network administrators in a holding pattern.