Security News > 2023 > October > Cisco warns of new IOS XE zero-day actively exploited in attacks

Cisco warned admins today of a new and maximum severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers.
"Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface feature of Cisco IOS XE software when exposed to the internet or untrusted networks," the company revealed today.
Cisco identified related activity dating back to September 18 following further investigation into the attacks.
Last month, Cisco cautioned customers to patch another zero-day vulnerability in its IOS and IOS XE software targeted by attackers in the wild.
Cisco urges admins to fix IOS software zero-day exploited in attacks.
Cisco warns of VPN zero-day exploited by ransomware gangs.
News URL
Related news
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Cisco warns of CSLU backdoor admin account used in attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)