Cisco issues alert over critical IOS XE Software flaw
Cisco is yet to provide details on the volume of affected systems


Cisco has issued an urgent alert to customers after the discovery of a zero-day vulnerability affecting its IOS XE Software range.
Tracked as CVE-2023-20198, the flaw was given a maximum CVSS rating of 10.0, and specifically affects the web UI feature of Cisco’s IOS XE Software, the tech giant explained.
Cisco added the flaw could enable an attacker to take over an affected system and has been actively exploited in the wild.
“Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks,” the firm said in a security advisory.
“This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.”
The vulnerability specifically affects systems with HTTP or HTTPS servers turned on, with Cisco advising customers to disable both servers on all internet-facing systems to prevent exploitation.
“To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode,” the firm added.
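To check the mitigation across saved device configurations, the following added example (not Cisco's or ITPro's code) parses running-config text for an enabled web UI and for privilege level 15 accounts that are not on an approved list. The sample configs, account names and the `known_admins` parameter are constructed for illustration, and the script assumes the HTTP server state appears explicitly in the config.

```python
import re

# Constructed sample running-config excerpts (not taken from real devices).
SAMPLE_EXPOSED = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 $9$constructed
username unreviewed_acct privilege 15 secret 9 $9$constructed
username helpdesk privilege 1 secret 9 $9$constructed
ip http server
ip http secure-server
"""

SAMPLE_HARDENED = """\
hostname core-sw-02
username netops privilege 15 secret 9 $9$constructed
no ip http server
no ip http secure-server
"""

HTTP_LINE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
USER_LINE = re.compile(r"^username\s+(\S+)\s+privilege\s+15\b")


def audit_config(text, known_admins=frozenset()):
    """Return enabled web UI servers and unrecognised privilege 15 accounts."""
    enabled = set()
    unknown_admins = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HTTP_LINE.match(line)
        if m:
            # A leading "no" means the server was explicitly disabled.
            if m.group(1):
                enabled.discard(m.group(2))
            else:
                enabled.add(m.group(2))
            continue
        m = USER_LINE.match(line)
        if m and m.group(1) not in known_admins:
            unknown_admins.append(m.group(1))
    return {"web_ui_enabled": sorted(enabled), "unknown_priv15": unknown_admins}


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_config(cfg, known_admins={"netops"}))
```

Any device reporting a non-empty `web_ui_enabled` list still needs the two `no ip http` commands applied, and any name in `unknown_priv15` should be reviewed against change records.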
At present, there is no available patch for the vulnerability, but the company added it will update users when one lands. Similarly, the volume of affected systems is yet to be determined but could range in the tens of thousands, according to early analysis.
Mayuresh Dani, manager of threat research at Qualys, said the potential number of affected companies could be huge based on Shodan observations.
“Cisco has not provided the list of devices affected, which means that any switch, router or WLC that is running IOS XE and has the web UI exposed to the internet is vulnerable.”
“Based on my searches using Shodan, there are about 40,000 Cisco devices that have web UI exposed to the internet,” he added.
Dani echoed Cisco’s advisory and strongly recommended that users disable the web UI component on devices.

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.
He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.