Cisco Patches 2 Dangerous Zero-Day Vulnerabilities
2023-10-24 20:55

Cisco has patched two zero-day vulnerabilities that exposed Cisco IOS XE system software hosts to attackers.

These vulnerabilities affected devices running the Cisco IOS XE software, such as routers and switches.

Customers who do not have a Cisco service contract or cannot obtain fixed software through their third-party vendors can contact Cisco support.

On October 16, Cisco Talos Intelligence released its threat advisory describing the two vulnerabilities, tracked as CVE-2023-20198 and CVE-2023-20273.

Cisco advises customers running IOS XE devices without the patches to disable the HTTP Server feature on all internet-facing systems or to restrict the HTTP Server feature to trusted source addresses.
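A defender can check saved device configurations against that advice. The following is an added example, not code from Cisco or TechRepublic: it classifies a running-config as disabled, restricted or exposed, using constructed sample configs and a hypothetical `audit_http_server` helper, and it assumes the feature is enabled only when the config says so explicitly.

```python
import re

# Constructed sample running-config fragments (not from any real device).
SAMPLES = {
    "exposed": "hostname r1\nip http server\nip http secure-server\n",
    "restricted": (
        "hostname r2\nno ip http server\nip http secure-server\n"
        "ip http access-class ipv4 MGMT-ONLY\n"
        "ip access-list standard MGMT-ONLY\n permit 192.0.2.0 0.0.0.255\n"
    ),
    "dangling_acl": "hostname r3\nip http server\nip http access-class ipv4 MGMT-ONLY\n",
    "disabled": "hostname r4\nno ip http server\nno ip http secure-server\n",
}

# An access-class line ties the HTTP Server feature to a source-address ACL.
ACL_REF = re.compile(r"ip http access-class (?:ipv4 |ipv6 )?(\S+)")
# Named or numbered ACL definitions elsewhere in the same config.
ACL_DEF = re.compile(r"(?:ip(?:v6)? access-list (?:standard |extended )?|access-list )(\S+)")


def audit_http_server(config: str) -> dict:
    """Classify one running-config as disabled, restricted or exposed."""
    lines = [line.strip() for line in config.splitlines()]
    # Assumption: only explicit enable lines count; platform defaults are not modelled.
    enabled = [s for s in ("ip http server", "ip http secure-server") if s in lines]
    refs = {m.group(1) for l in lines if (m := ACL_REF.fullmatch(l))}
    defs = {m.group(1) for l in lines if (m := ACL_DEF.match(l))}
    # An access-class that names an ACL the config never defines is not a restriction.
    missing = sorted(refs - defs)
    if not enabled:
        status = "disabled"
    elif refs and not missing:
        # The ACL exists; whether its entries are really "trusted" needs human review.
        status = "restricted"
    else:
        status = "exposed"
    return {"status": status, "enabled": enabled,
            "acls": sorted(refs), "undefined_acls": missing}


if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit_http_server(cfg))
```
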

"Cisco is committed to transparency. When critical security issues arise, we handle them as a matter of top priority, so our customers understand the issues and know how to address them," Cisco said in a prepared statement sent to TechRepublic.


News URL

https://www.techrepublic.com/article/cisco-patches-ios-xe-vulnerabilities/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK

2023-10-25 | CVE-2023-20273 | OS Command Injection vulnerability in Cisco IOS XE | 7.2
    A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root.
    network, low complexity, cisco, CWE-78

2023-10-16 | CVE-2023-20198 | Unspecified vulnerability in Cisco IOS XE | critical, 10.0
    Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software.
    network, low complexity, cisco

Related vendor

VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS
Cisco |  | 2046 | 21 | 1771 | 1669 | 288 | 3749