Cisco issues alert over critical IOS XE Software flaw
Cisco is yet to provide details on the volume of affected systems
Cisco has issued an urgent alert to customers after the discovery of a zero-day vulnerability affecting its IOS XE Software range.
Tracked as CVE-2023-20198, the flaw was given a maximum CVSS rating of 10.0, and specifically affects the web UI feature of Cisco’s IOS XE Software, the tech giant explained.
Cisco added the flaw could enable an attacker to take over an affected system and has been actively exploited in the wild.
“Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks,” the firm said in a security advisory.
“This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.”
The vulnerability specifically affects systems with HTTP or HTTPS servers turned on, with Cisco advising customers to disable both servers on all internet-facing systems to prevent exploitation.
“To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode,” the firm added.
At present, there is no available patch for the vulnerability, but the company added it will update users when one lands. Similarly, the volume of affected systems is yet to be determined but could range in the tens of thousands, according to early analysis.
RELATED RESOURCE
Solve security compliance, operational, and DevOps issues.
Mayuresh Dani, manager of threat research at Qualys, said the potential number of affected companies could be huge based on Shodan observations.
“Cisco has not provided the list of devices affected, which means that any switch, router or WLC running IOS XE and has the web UI exposed to the internet is vulnerable.”
“Based on my searches using Shodan, there are about 40,000 Cisco devices that have web UI exposed to the internet,” he added.
Dani echoed Cisco’s advisory and strongly recommended that users disable the web UI component on devices.
-
CISOs are keen on agentic AI, but they’re not going all-in yetNews Many security leaders face acute talent shortages and are looking to upskill workers
-
Why Amazon’s ‘go build it’ AI strategy aligns with OpenAI’s big enterprise pushNews OpenAI and Amazon are both vying to offer customers DIY-style AI development services
-
CISOs are keen on agentic AI, but they’re not going all-in yet
News Many security leaders face acute talent shortages and are looking to upskill workers
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
AI is “forcing a fundamental shift” in data privacy and governanceNews Organizations are working to define and establish the governance structures they need to manage AI responsibly at scale – and budgets are going up
-
Cisco says Chinese hackers are exploiting an unpatched AsyncOS zero-day flaw – here's what we know so farNews The zero-day vulnerability affects Cisco's Secure Email Gateway and Secure Email and Web Manager appliances – here's what we know so far.
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Cisco ASA customers urged to take immediate action as NCSC, CISA issue critical vulnerability warnings
News Cisco customers are urged to upgrade and secure systems immediately
-
Cisco eyes network security gains for agentic AINews New network security updates aim to secure AI agents across enterprises
-
Cisco patches critical flaw affecting Identity Services EngineThe networking giant has urged enterprises to update immediately
