Cisco has issued an urgent alert to customers after the discovery of a zero-day vulnerability affecting its IOS XE Software range.
Tracked as CVE-2023-20198, the flaw was given a maximum CVSS rating of 10.0, and specifically affects the web UI feature of Cisco’s IOS XE Software, the tech giant explained.
Cisco added the flaw could enable an attacker to take over an affected system and has been actively exploited in the wild.
“Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks,” the firm said in a security advisory.
“This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.”
The vulnerability specifically affects systems with HTTP or HTTPS servers turned on, with Cisco advising customers to disable both servers on all internet-facing systems to prevent exploitation.
“To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode,” the firm added.
At present, there is no available patch for the vulnerability, but the company added it will update users when one lands. Similarly, the volume of affected systems is yet to be determined but could range in the tens of thousands, according to early analysis.
RELATED RESOURCE
Solve security compliance, operational, and DevOps issues.
Mayuresh Dani, manager of threat research at Qualys, said the potential number of affected companies could be huge based on Shodan observations.
“Cisco has not provided the list of devices affected, which means that any switch, router or WLC running IOS XE and has the web UI exposed to the internet is vulnerable.”
“Based on my searches using Shodan, there are about 40,000 Cisco devices that have web UI exposed to the internet,” he added.
Dani echoed Cisco’s advisory and strongly recommended that users disable the web UI component on devices.
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
HPE says unified channel strategy won't force Juniper partners to generalizeNews Does the company embrace specialists or want a full portfolio push? The answer, it seems, is both
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network Academy
News The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Cisco ASA customers urged to take immediate action as NCSC, CISA issue critical vulnerability warningsNews Cisco customers are urged to upgrade and secure systems immediately
-
Cisco eyes network security gains for agentic AINews New network security updates aim to secure AI agents across enterprises
-
Cisco patches critical flaw affecting Identity Services EngineThe networking giant has urged enterprises to update immediately
-
96% of businesses have low cyber-readiness, claims CiscoThe 2025 Cisco Cybersecurity Readiness Index shows a concerning number of businesses globally are unprepared for rising AI-related threats.
-
Cisco takes aim at AI security at RSAC with ServiceNow partnershipNews The companies claim Cisco AI Defense and ServiceNow SecOps will help address new challenges raised by AI
-
Cisco claims new smart switches provide next-level perimeter defenseNews Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches.
-
Cisco is jailbreaking AI models so you don’t have to worry about itNews Cisco's new AI Defense security solution helps organizations shore up LLM security by identifying potential flaws.
