“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day
2023-10-23 10:00

Cisco has released the first fixes for the IOS XE zero-day exploited by attackers to ultimately deliver a malicious implant.

The fixes were made available on Sunday, but a curious thing happened the day before: several cybersecurity companies and organizations noticed a drastic reduction in the number of internet-facing Cisco devices that were saddled with the implant.

On October 16, Cisco revealed that attackers had been spotted exploiting one previously unknown vulnerability and an older one in the web UI of Cisco IOS XE software to create accounts with the highest privilege level and install an implant (backdoor) on internet-facing network devices.

Cisco has shared indicators of compromise to help security teams detect whether their organizations' devices have been compromised.

The first fixed release for Cisco IOS XE is now available, but fixes only CVE-2023-20198, the flaw that allows the creation of high-privilege accounts.

While it's possible that many organizations have simply rebooted their Cisco devices to quickly remove the non-persistent implant, it's unlikely that it happened so quickly and at such a scale.


News URL

https://www.helpnetsecurity.com/2023/10/23/disappearing-implants-cve-2023-20198-fixes/

Related Vulnerability

DATE        CVE             VULNERABILITY TITLE                         RISK
2023-10-16  CVE-2023-20198  Unspecified vulnerability in Cisco IOS XE   critical (10.0)
            Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software.
            Tags: network, low complexity, cisco

Related vendor

VENDOR  LAST 12M / #/PRODUCTS (only one value given)  LOW  MEDIUM  HIGH  CRITICAL  TOTAL VULNS
Cisco   4428                                          230  3115    1863  609       5817