Security News > 2023 > October > Cisco discloses new IOS XE zero-day exploited to deploy malware implant

Cisco discloses new IOS XE zero-day exploited to deploy malware implant
2023-10-20 22:12

Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week.

On Monday, Cisco disclosed that unauthenticated attackers have been exploiting the CVE-2023-20198 authentication bypass zero-day since at least September 18 to hack into IOS XE devices and create "Cisco tac admin" and "Cisco support."

As revealed today, the CVE-2023-20273 privilege escalation zero-day is then used to gain root access and take complete control over Cisco IOS XE devices to deploy malicious implants that enable them to execute arbitrary commands at the system.

Last month, Cisco warned customers to patch another zero-day bug in its IOS and IOS XE software, also targeted by attackers in the wild.

Over 10,000 Cisco devices hacked in IOS XE zero-day attacks.

Cisco warns of new IOS XE zero-day actively exploited in attacks.


News URL

https://www.bleepingcomputer.com/news/security/cisco-discloses-new-ios-xe-zero-day-exploited-to-deploy-malware-implant/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-20273 OS Command Injection vulnerability in Cisco IOS XE
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
network
low complexity
cisco CWE-78
7.2
2023-10-16 CVE-2023-20198 Unspecified vulnerability in Cisco IOS XE
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software.
network
low complexity
cisco
critical
10.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2046 21 1771 1669 288 3749