ClickCease Cisco IOS XE Security Alert: Zero-Days Vulnerability Patched

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Cisco IOS XE Security Alert: Zero-Days Vulnerability Patched

Rohan Timalsina

October 31, 2023 - TuxCare expert team

Cisco has patched two vulnerabilities, tracked as CVE-2023-20198 and CVE-2023-20273 that hackers are actively exploiting to compromise thousands of devices. The patch has been made available after the attackers exploited these issues as zero-day attacks to gain full control over 50,000 Cisco IOS XE hosts.

 

Multiple Vulnerabilities in Cisco IOS XE

The initial breach involved the exploitation of CVE-2023-20198, providing the attacker with the means to establish initial access. Subsequently, they executed a “privilege 15 command” to create a local user and password combination, granting them access with standard user privileges.

Following this, the attacker harnessed another aspect of the web user interface (UI) functionality to further their intrusion, leveraging the newly created local user to elevate their privileges to root. This allowed them to write an implant to the file system. Cisco has designated this issue as CVE-2023-20273.

CVE-2023-20198 has been assigned a CVSS Score of 10.0, while CVE-2023-20273 has received a CVSS Score of 7.2.

Cisco issues a caution that both vulnerabilities can be exploited if the device’s web UI (HTTP Server) feature is enabled. This activation can be accomplished through the execution of commands such as “ip http server” or “ip http secure-server.”

Additionally, the network gear manufacturer reports that the malicious actor utilized the critical flaw to establish initial access to the device, subsequently executing a “privilege 15 command” to create a standard local account.

 

Conclusion

Cisco has issued a stark advisory about a severe, unpatched security vulnerability that is currently being actively exploited in the wild within the IOS XE software environment. This zero-day vulnerability, rooted in the web user interface (UI) functionality, is identified as CVE-2023-20198 and has been allocated the highest possible severity rating of 10.0 on the CVSS (Common Vulnerability Scoring System) scale.

It is essential to note that this vulnerability exclusively impacts enterprise networking equipment where the web UI feature is active and exposed to the internet or untrusted networks.

 

The sources for this article include a story from Bleeping Computer.

Summary
Cisco IOS XE Security Alert: Zero-Days Vulnerability Patched
Article Name
Cisco IOS XE Security Alert: Zero-Days Vulnerability Patched
Description
Cisco's critical security update for IOS XE addresses zero-days exploited by hackers, impacting over 50,000 devices. Take action now!
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started

Mail

Join

4,500

Linux & Open Source
Professionals!

Subscribe to
our newsletter