Security News > 2023 > October > Thousands of Cisco IOS XE devices hacked in widespread attacks
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect thousands of Cisco IOS XE devices with malicious implants.
According to threat intelligence company VulnCheck, the maximum severity vulnerability has been extensively exploited in attacks targeting Cisco IOS XE routers and switches with the Web User Interface feature enabled, that also have the HTTP or HTTPS Server feature toggled on.
VulnCheck scanned internet-facing Cisco IOS XE web interfaces and discovered thousands of compromised and infected hosts.
On Monday, Cisco disclosed that unauthenticated attackers can exploit the IOS XE zero-day to gain full administrator privileges and take complete control over affected Cisco routers and switches remotely.
In September, Cisco cautioned customers to patch another zero-day vulnerability in its IOS and IOS XE software, targeted by attackers in the wild.
Cisco warns of new IOS XE zero-day actively exploited in attacks.
News URL
Related news
- Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
- LottieFiles hacked in supply chain attack to steal users’ crypto (source)
- Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign (source)