Vulnerability Awareness – Cisco IOS XE Devices Targeted in Recent Zero-Day Exploitation

Action may be required for members using impacted appliances.

Cisco Talos published details warning of recent zero-day exploitation against the Cisco IOS XE Web UI. It is believed that any switch, router, or wireless LAN controller running IOS XE with the web user interface (UI) exposed to the internet is likely vulnerable. There is currently no patch available, but Cisco is currently working on an update to address this issue. While CISA has added the vulnerability (CVE-2023-20198) to its Known Exploited Vulnerabilities Catalog, at the time of this writing, researchers are not aware of any publicly available proof-of-concept code. This compromise specifically targets Cisco IOS XE routers and switches with the Web User Interface (Web UI) feature activated, coupled with the HTTP or HTTPS Server features enabled.

System administrators are highly encouraged to confirm that vulnerable appliances are not exposed to the internet or have been hardened accordingly. Until the patch is available, Cisco advises immediate actions, including disabling web interfaces and removing management from the internet. Read more at Bleeping Computer.