“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day
Cisco has released the first fixes for the IOS XE zero-day exploited by attackers to ultimately deliver a malicious implant.
The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity companies and organizations noticed a drastic reduction in the number of internet-facing Cisco devices saddled with the implant.
On October 16, Cisco revealed that attackers had been spotted exploiting one previously unknown vulnerability and an older one in the web UI of Cisco IOS XE software to create highest-privilege accounts and install an implant/backdoor on internet-facing network devices.
Cisco has shared indicators of compromise to help security teams detect whether their organizations' devices have been compromised.
The first fixed release for Cisco IOS XE is now available, but it fixes only CVE-2023-20198, the flaw that allows the creation of high-privilege accounts.
While it's possible that many organizations have simply rebooted their Cisco devices to quickly remove the non-persistent implant, it's unlikely that it happened so quickly and at such a scale.
News URL
https://www.helpnetsecurity.com/2023/10/23/disappearing-implants-cve-2023-20198-fixes/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | 10.0 |