CVE ID
CVE-2023-20198
Vulnerability Name
Cisco IOS XE Web UI Privilege Escalation Vulnerability
- Project: Cisco
- Product: IOS XE Web UI
Date
- Date Added: 2023-10-16
- Due Date: 2023-10-20
Description
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
Additional Notes
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20198
Related Security News
- China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
- Canada says Salt Typhoon hacked telecom firm via Cisco flaw
- Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
- Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
- Salt Typhoon Exploits Cisco Devices in Telco Infrastructure
- Chinese hackers breach more US telecoms via unpatched Cisco routers
- RA World Ransomware Attack in South Asia Links to Chinese Espionage Toolset
- What 2024 taught us about security vulnerabilties
- Zero-days dominate top frequently exploited vulnerabilities
Top comments (0)