Security News > 2023 > October > Over 10,000 Cisco devices hacked in IOS XE zero-day attacks
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants.
According to threat intelligence company VulnCheck, the maximum severity vulnerability has been extensively exploited in attacks targeting Cisco IOS XE systems with the Web User Interface feature enabled, that also have the HTTP or HTTPS Server feature toggled on.
"Cisco buried the lede by not mentioning thousands of internet-facing IOS XE systems have been implanted. This is a bad situation, as privileged access on the IOS XE likely allows attackers to monitor network traffic, pivot into protected networks, and perform any number of man-in-the-middle attacks," said VulnCheck CTO Jacob Baines.
On Monday, Cisco disclosed that unauthenticated attackers can exploit the IOS XE zero-day to gain full administrator privileges and take complete control over affected Cisco routers and switches remotely.
In September, Cisco cautioned customers to patch another zero-day vulnerability in its IOS and IOS XE software, targeted by attackers in the wild.
Cisco warns of new IOS XE zero-day actively exploited in attacks.
News URL
Related news
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Cisco warns of password-spraying attacks targeting VPN services (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack (source)
- Palo Alto Networks warns of PAN-OS firewall zero-day used in attacks (source)
- Roku warns 576,000 accounts hacked in new credential stuffing attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- Cisco warns of large-scale brute-force attacks against VPN services (source)
- Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack (source)