Security News > 2023 > October > Number of hacked Cisco IOS XE devices plummets from 50K to hundreds
The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline.
This week, Cisco warned that hackers exploited two zero-day vulnerabilities, CVE-2023-20198 and CVE-2023-20273, to hack over 50,000 Cisco IOS XE devices to create privileged user accounts and install a malicious LUA backdoor implant.
On Saturday, multiple cybersecurity organizations reported that the number of Cisco IOS XE devices with a malicious implant has mysteriously dropped from approximately 60,000 devices to only 100-1,200, depending on the different scans.
Another theory is that a grey-hat hacker is automating the reboot of impacted Cisco IOS XE devices to clear the implant.
Cisco discloses new IOS XE zero-day exploited to deploy malware implant.
Over 10,000 Cisco devices hacked in IOS XE zero-day attacks.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-20273 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. | 7.2 |
2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | 10.0 |