
Number of hacked Cisco IOS XE devices plummets from 50K to hundreds
2023-10-22 17:37

The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline.

This week, Cisco warned that hackers exploited two zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to compromise over 50,000 Cisco IOS XE devices, creating privileged user accounts and installing a malicious Lua backdoor implant.

On Saturday, multiple cybersecurity organizations reported that the number of Cisco IOS XE devices with a malicious implant has mysteriously dropped from approximately 60,000 devices to only 100-1,200, depending on the scan.

Another theory is that a grey-hat hacker is automating the reboot of impacted Cisco IOS XE devices to clear the implant.



News URL

https://www.bleepingcomputer.com/news/security/number-of-hacked-cisco-ios-xe-devices-plummets-from-50k-to-hundreds/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-20273 | OS Command Injection vulnerability in Cisco IOS XE. A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. (network, low complexity, cisco, CWE-78) | 7.2 |
| 2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. (network, low complexity, cisco, critical) | 10.0 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Cisco | | 4428 | 230 | 3115 | 1863 | 609 | 5817 |