New Critical Zero-Day Vulnerability Affects Web UI of Cisco IOS XE Software & Allows Attackers to Compromise Routers (Security News, October 2023)
Cisco Talos discovered a new critical zero-day vulnerability in the Web User Interface feature of Cisco IOS XE software that is currently being exploited in the wild.
The vulnerability used to gain access to the system and create accounts on it is CVE-2023-20198; it received the highest possible Common Vulnerability Scoring System score of 10.
How to mitigate this Cisco IOS XE software security threat
Only devices running Cisco IOS XE software are affected by exploitation of this vulnerability.
For organizations using that software, Cisco strongly recommends disabling the HTTP server feature on all internet-facing systems so the Web UI is no longer accessible.
Log files should be checked carefully for every user that has accessed the web UI. In addition, according to the findings reported by Cisco Talos, an attacker could exploit a vulnerability that has been patched since 2021 to further compromise the device.
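What the recommended mitigation looks like on the device CLI, as an added example that is not part of the original article; the hostname `edge-rtr` is a placeholder and the two `ip http` output lines are constructed to show a device that still has the Web UI enabled:

```cisco
! Check whether the HTTP server feature (the Web UI) is enabled on this device.
edge-rtr# show running-config | include ip http
ip http server
ip http secure-server
! Weak state: either line above means the Web UI is reachable on this device.

! Mitigation recommended by Cisco for internet-facing devices: disable the HTTP server feature.
! Note: other features that rely on the HTTP server stop working once it is disabled,
! so confirm none are required before applying this.
edge-rtr# configure terminal
edge-rtr(config)# no ip http server
edge-rtr(config)# no ip http secure-server
edge-rtr(config)# end
edge-rtr# write memory

! Verify: the same filter should now return no "ip http server" lines.
edge-rtr# show running-config | include ip http
edge-rtr#
```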
News URL: https://www.techrepublic.com/article/cisco-ios-xe-software-zero-day-vulnerability/
Related news
- Vulnerability in Cisco Webex cloud service exposed government authorities, companies
- TikTok confirms CNN, other high-profile accounts hijacked via zero-day vulnerability
- Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
- Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
- ASUS warns of critical remote authentication bypass on 7 routers
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models
- VMware fixes critical vCenter RCE vulnerability, patch now
- Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
- Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
- GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE: Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | 10.0 |