Cisco fixes critical IOS XE bug but malware crew way ahead of them

2023-10-23 22:15

After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices.

The flaw in the networking giant's IOS XE software, which allowed criminals to hijack thousands of Cisco switches and routers, first came to light last Monday.

The good news: Cisco kept its Sunday promise and made available the first fixed software release, 17.9.4a, with more updates to come at a still undisclosed date.

On Monday, Cisco updated its security advisory to provide "Enhanced guidance to detect the presence of the implant, after uncovering a new variant that hinders identification of compromised systems," a spokesperson told The Register.

The first fixed release, 17.9.4a, addresses both flaws, and updates for earlier versions will be made available, according to Cisco.

"We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding," the analysts xeeted on Monday.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/23/cisco_iosxe_fix/

#cisco #critical #IOS #malware

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4442	231	3052	1816	604	5703

News URL

Related news

Related vendor