“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day
2023-10-23 10:00

Cisco has released the first fixes for the IOS XE zero-day exploited by attackers to ultimately deliver a malicious implant.

The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity companies and organizations noticed a drastic reduction in the number of internet-facing Cisco devices saddled with the implant.

On October 16, Cisco revealed that attackers had been spotted exploiting one previously unknown vulnerability and an older one in the web UI of Cisco IOS XE software to create highest-privilege accounts and install an implant/backdoor on internet-facing network devices.

Cisco has shared indicators of compromise to help security teams detect whether their organizations' devices have been compromised.

The first fixed release for Cisco IOS XE is now available, but it fixes only CVE-2023-20198, the flaw that allows the creation of high-privilege accounts.

While it's possible that many organizations have simply rebooted their Cisco devices to quickly remove the non-persistent implant, it's unlikely that it happened so quickly and at such a scale.


News URL

https://www.helpnetsecurity.com/2023/10/23/disappearing-implants-cve-2023-20198-fixes/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Cisco 2048 21 1790 1684 288 3783