Security News > 2023 > October > Cisco Patches 2 Dangerous Zero-Day Vulnerabilities
Cisco has patched two zero-day vulnerabilities that exposed Cisco IOS XE system software hosts to attackers.
These vulnerabilities affected devices running the Cisco IOS XE software, such as routers and switches.
Customers who do not have a Cisco service contract or cannot obtain fixed software through their third-party vendors can contact Cisco support.
On October 16, Cisco Talos Intelligence released its threat advisory showing the two exploits labeled CVE-2023-20198 and CVE-2023-20273.
Cisco advises customers running IOS XE devices without the patches to disable the HTTP Server feature on all internet-facing systems or to restrict the HTTP Server feature to trusted source addresses.
"Cisco is committed to transparency. When critical security issues arise, we handle them as a matter of top priority, so our customers understand the issues and know how to address them," Cisco said in a prepared statement sent to TechRepublic.
News URL
https://www.techrepublic.com/article/cisco-patches-ios-xe-vulnerabilities/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-20273 | OS Command Injection vulnerability in Cisco IOS XE A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. | 7.2 |
2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. | 10.0 |