Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.
Initial estimates of breached Cisco IOS XE devices were around 10,000 and the number started growing as security researchers scanned the internet for a more accurate figure.
Using the same verification method from Cisco, the private CERT from Orange announced on Wednesday that there were more than 34,500 Cisco IOS XE IP addresses with a malicious implant as a result of exploiting CVE-2023-20198.
A precise number of Cisco IOS XE devices reachable over the public internet is difficult to obtain, but Shodan shows a little over 145,000 hosts, most of them in the U.S. A screenshot in the original article shows Shodan results for Cisco devices that have their Web UI accessible over the internet, using a query from Simo Kohonen, the CEO of the Aves Netsec cybersecurity company.
Security researcher Yutaka Sejiyama also searched Shodan for Cisco IOS XE devices vulnerable to CVE-2023-20198 and found close to 90,000 hosts exposed on the web.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | 10.0 |