Cisco zero-day vulnerability hits 40,000+ devices in a matter of days
The Cisco zero-day vulnerability could impact thousands of customers globally


A Cisco zero-day vulnerability affecting its IOS XE Software has been found to have infected more than 41,000 devices, marking a significant increase in a matter of days.
There was previous speculation about the number of infected devices in the immediate wake of the vulnerability disclosure.
The vulnerability, tracked as CVE-2023-20198, had already been exploited with backdoors installed on 34,104 devices, according to Censys’ findings.
Originally, 50% of the 67,445 devices that use the Cisco web interface were thought to be infected. However, a further 7,843 have been compromised by the vulnerability, bringing the total to over 41,000.
“Iterating on our current query to find potential targets, we updated it with some more generic conditionals, hoping to find even more potentially vulnerable hosts,” the Censys research team wrote in its blog.
“Unfortunately, the updates were successful, and we found even more compromised hosts this morning.”
Censys was able to tag devices that used Cisco web interfaces by deploying a new label, though that only noted whether they were running the Cisco IOS XE web interface.
A secondary scan, run with an open-source tool and using Censys data as a baseline, was then used to analyze how widespread the vulnerability was.
The firm’s research has highlighted particular concerns in the USA and the Philippines, which recorded the most compromised devices.
It appears that the primary targets of the vulnerability are smaller businesses and individuals, rather than larger organizations.
The zero-day vulnerability was first identified on 16 October and given a maximum CVSS rating of 10.0.
Cisco explained that it specifically affected the user interface of its IOS XE Software and that it could be used to enable an unauthorized party to gain control over an affected system. This, it said, had already been exploited in the wild.
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.