Cisco has issued an urgent alert to customers after the discovery of a zero-day vulnerability affecting its IOS XE Software range.
Tracked as CVE-2023-20198, the flaw was given a maximum CVSS rating of 10.0, and specifically affects the web UI feature of Cisco’s IOS XE Software, the tech giant explained.
Cisco added the flaw could enable an attacker to take over an affected system and has been actively exploited in the wild.
“Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks,” the firm said in a security advisory.
“This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.”
The vulnerability specifically affects systems with HTTP or HTTPS servers turned on, with Cisco advising customers to disable both servers on all internet-facing systems to prevent exploitation.
“To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode,” the firm added.
At present, there is no available patch for the vulnerability, but the company added it will update users when one lands. Similarly, the volume of affected systems is yet to be determined but could range in the tens of thousands, according to early analysis.
Mayuresh Dani, manager of threat research at Qualys, said the potential number of affected companies could be huge based on Shodan observations.
“Cisco has not provided the list of devices affected, which means that any switch, router or WLC running IOS XE and has the web UI exposed to the internet is vulnerable.”
“Based on my searches using Shodan, there are about 40,000 Cisco devices that have web UI exposed to the internet,” he added.
Dani echoed Cisco’s advisory and strongly recommended that users disable the web UI component on devices.
