Security News > 2023 > October > Thousands of Cisco IOS XE devices hacked in widespread attacks
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect thousands of Cisco IOS XE devices with malicious implants.
According to threat intelligence company VulnCheck, the maximum severity vulnerability has been extensively exploited in attacks targeting Cisco IOS XE routers and switches with the Web User Interface feature enabled, that also have the HTTP or HTTPS Server feature toggled on.
VulnCheck scanned internet-facing Cisco IOS XE web interfaces and discovered thousands of compromised and infected hosts.
On Monday, Cisco disclosed that unauthenticated attackers can exploit the IOS XE zero-day to gain full administrator privileges and take complete control over affected Cisco routers and switches remotely.
In September, Cisco cautioned customers to patch another zero-day vulnerability in its IOS and IOS XE software, targeted by attackers in the wild.
Cisco warns of new IOS XE zero-day actively exploited in attacks.
News URL
Related news
- Cisco warns of password-spraying attacks targeting VPN services (source)
- Roku warns 576,000 accounts hacked in new credential stuffing attacks (source)
- Cisco warns of large-scale brute-force attacks against VPN services (source)
- Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack (source)
- Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services (source)