Security News > 2023 > October > Cisco fixes critical IOS XE bug but malware crew way ahead of them
After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices.
The flaw in the networking giant's IOS XE software, which allowed criminals to hijack thousands of Cisco switches and routers, first came to light last Monday.
The good news: Cisco kept its Sunday promise and made available the first fixed software release, 17.9.4a, with more updates to come at a still undisclosed date.
On Monday, Cisco updated its security advisory to provide "Enhanced guidance to detect the presence of the implant, after uncovering a new variant that hinders identification of compromised systems," a spokesperson told The Register.
The first fixed release, 17.9.4a, addresses both flaws, and updates for earlier versions will be made available, according to Cisco.
"We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding," the analysts xeeted on Monday.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/23/cisco_iosxe_fix/
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)