Cisco addresses a security flaw in the commonly abused IOS XE software, releasing a patch for mitigation
In a swift response to a potential security threat, Cisco has issued security fixes on Sunday to address two critical zero-day vulnerabilities in its Cisco IOS XE software. These vulnerabilities, identified as CVE-2023-20198 and CVE-2023-20273, pose significant risks as they involve privilege escalation and potentially remote code execution issues.
CVE-2023-20198, a Web UI privilege escalation vulnerability, allows a lower-privileged user to escalate to higher privileges through the web interface in Cisco IOS XE 17.15.1. On the other hand, CVE-2023-20273, while less prominent in search results, is closely linked to Cisco IOS XE privilege escalation and remote code execution issues.
Although the specific CVSS scores for these two CVEs are not explicitly stated, given the nature of the vulnerabilities, Cisco typically assigns moderately high scores to such issues.
These vulnerabilities have a broad impact as Cisco IOS XE runs on a wide range of Cisco network devices, including routers, switches, and wireless controllers. The vulnerabilities are widely deployed in enterprise, service provider, and data center environments globally, potentially affecting hundreds of thousands of devices.
Cisco has released patches in IOS XE versions starting with 17.15.1 and provided detailed technical advisories to mitigate these security issues. Network administrators are strongly advised to apply these updates immediately to prevent exploitation.
It's important to note that the identity of the threat actor responsible for exploiting these vulnerabilities remains unknown. Prior to the security release, researchers were no longer able to see the vast majority of infected devices online.
An unidentified hacker is believed to have exploited the web user interface in Cisco IOS XE and installed malicious backdoors in about 42,000 devices worldwide. Cisco Talos, Cisco's threat intelligence and security research organisation, states that an older vulnerability, CVE-2021-1435, is not associated with these attacks.
Cisco Talos officials observed suspicious activity on Sept. 28, but later found that the activities began on Sept. 18. The threat actor was found gathering information about the device and conducting preliminary reconnaissance. On Oct. 12, an additional cluster of activity was discovered.
CVE-2023-20198 has a CVSS score of 10, allowing the hacker to gain initial access and establish privilege level 15 control. CVE-2023-20273 has a score of 7.2 and was used to elevate privileges and write an implant into the file system.
In the wake of this security incident, it's crucial for network administrators to stay vigilant and promptly apply the security patches provided by Cisco to safeguard their networks.
- Cybersecurity experts have emphasized the significance of incident response after the discovery of two critical vulnerabilities, CVE-2023-20198 and CVE-2023-20273, in Cisco IOS XE software.
- General-news outlets and crime-and-justice agencies have reported an unidentified hacker exploiting a web user interface vulnerability (CVE-2023-20198) to install malicious backdoors on about 42,000 devices worldwide, emphasizing the importance of cybersecurity in technology.
- In the aftermath of the recent cybersecurity incident involving Cisco IOS XE software, it's essential for network administrators to prioritize vulnerability management by applying the security patches provided by Cisco promptly, ensuring the protection of their networks from potential future attacks.
