New Critical Zero-Day Vulnerability Affects Web UI of Cisco IOS XE Software & Allows Attackers to Compromise Routers (Security News, October 2023)

Cisco Talos has disclosed a new critical zero-day vulnerability in the Web User Interface (web UI) feature of Cisco IOS XE Software that is being actively exploited in the wild.
The vulnerability the attackers use to gain access to the device and create local accounts with full administrative (privilege level 15) access is tracked as CVE-2023-20198; it received the maximum Common Vulnerability Scoring System (CVSS) score of 10.0.
How to mitigate this Cisco IOS XE software security threat
Only devices running Cisco IOS XE Software with the web UI feature enabled are exposed to this vulnerability.
For organizations running that software, Cisco strongly recommends disabling the HTTP Server feature on all internet-facing systems (the global configuration commands no ip http server and no ip http secure-server) so the web UI is no longer reachable, and saving the running configuration so the change survives a reload.
Log files should also be reviewed carefully for every user that accessed the web UI, including newly created or unexpected accounts. In addition, Cisco Talos reported that, after gaining initial access, the attacker exploited a separate web UI vulnerability patched in 2021 for further compromise, so devices should be checked for signs of follow-on activity and not only for the initial access.
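The log review above can be scripted. The following is an added example, not code from the article or from Cisco: it triages IOS XE syslog lines for web UI logins, lists which accounts used the web UI and from where, and flags logins by accounts outside an allowlist, programmatic configuration changes made through the web UI process, and files installed through the web UI. The message formats, the SEP_webui_wsma_http process name and the two account names (cisco_tac_admin, cisco_support) are taken from the Cisco Talos report on this campaign and are treated here as assumptions to verify against the current advisory and your platform's actual syslog output; the sample log lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# Syslog message patterns for web UI activity on IOS XE. Assumed from the
# Cisco Talos report on this campaign; verify against your devices' output.
WEBLOGIN_RE = re.compile(
    r"%SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success \[user: (?P<user>[^\]]+)\] "
    r"\[Source: (?P<src>[^\]]+)\]"
)
CONFIG_P_RE = re.compile(
    r"%SYS-5-CONFIG_P: Configured programmatically by process "
    r"(?P<process>\S+) from console as (?P<user>\S*)\s*on line"
)
INSTALL_RE = re.compile(
    r"%WEBUI-6-INSTALL_OPERATION_INFO: User: (?P<user>[^,]+), "
    r"Install Operation: (?P<op>\S+) (?P<file>\S+)"
)
# Account names Talos observed the attackers creating (assumed from the report).
SUSPICIOUS_USERS = {"cisco_tac_admin", "cisco_support"}
# Process Talos associated with configuration applied via the web UI (assumed).
SUSPICIOUS_PROCESS = "SEP_webui_wsma_http"

# Constructed sample log lines in IOS XE syslog style (not real device output).
SAMPLE_LOGS = [
    "*Oct 12 03:41:02.114: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success "
    "[user: netops] [Source: 10.20.0.5] at 03:41:02 UTC Thu Oct 12 2023",
    "*Oct 12 03:42:13.551: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success "
    "[user: cisco_tac_admin] [Source: 203.0.113.77] at 03:42:13 UTC Thu Oct 12 2023",
    "*Oct 12 03:42:20.003: %SYS-5-CONFIG_P: Configured programmatically by process "
    "SEP_webui_wsma_http from console as cisco_tac_admin on line",
    "*Oct 12 03:43:05.870: %WEBUI-6-INSTALL_OPERATION_INFO: User: cisco_tac_admin, "
    "Install Operation: ADD bootflash:update.pkg",
    "*Oct 12 04:10:44.211: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (10.20.0.5)",
]


@dataclass
class Finding:
    line_no: int   # 1-based index into the log list
    reason: str
    user: str
    detail: str    # source IP, process name, or install operation


def webui_users(lines):
    """Map every account that logged in via the web UI to the source IPs it came from."""
    users = {}
    for line in lines:
        m = WEBLOGIN_RE.search(line)
        if m:
            users.setdefault(m.group("user"), set()).add(m.group("src"))
    return users


def triage_webui_logs(lines, known_admins):
    """Return Findings for web UI activity that needs analyst review.

    known_admins is the allowlist of accounts expected to use the web UI.
    """
    findings = []
    for i, line in enumerate(lines, 1):
        m = WEBLOGIN_RE.search(line)
        if m:
            user, src = m.group("user"), m.group("src")
            if user in SUSPICIOUS_USERS:
                findings.append(Finding(i, "login by attacker-associated account", user, src))
            elif user not in known_admins:
                findings.append(Finding(i, "login by account not in admin allowlist", user, src))
            continue
        m = CONFIG_P_RE.search(line)
        if m:
            if m.group("process") == SUSPICIOUS_PROCESS:
                findings.append(Finding(i, "programmatic config change via web UI process",
                                        m.group("user"), m.group("process")))
            continue
        m = INSTALL_RE.search(line)
        if m:
            findings.append(Finding(i, "file installed via web UI", m.group("user"),
                                    f"{m.group('op')} {m.group('file')}"))
    return findings


if __name__ == "__main__":
    for user, sources in webui_users(SAMPLE_LOGS).items():
        print(f"web UI login: {user} from {sorted(sources)}")
    for f in triage_webui_logs(SAMPLE_LOGS, known_admins={"netops"}):
        print(f"line {f.line_no}: {f.reason} (user={f.user}, {f.detail})")
```

Feed it the output of show logging (or your syslog collector's export) and an allowlist of the accounts that legitimately administer the device; any login by an unlisted account, any CONFIG_P message from the web UI process, and any install operation through the web UI should be investigated, since an attacker who created a privilege 15 account will look like a normal administrator in the login messages alone.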
News URL
https://www.techrepublic.com/article/cisco-ios-xe-software-zero-day-vulnerability/
Related Vulnerability
| Date | CVE | Vulnerability title | Risk (CVSS) |
|---|---|---|---|
| 2023-10-16 | CVE-2023-20198 | Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | 10.0 |