Cisco IOS XE Software has a vulnerability [CVE-2023-20198] that provides initial access and allows the attacker to issue a privilege 15 command to create a local user and password combination and log in with normal user access.
The attacker can then exploit another component of the web UI feature, leveraging the new local user to elevate their privilege to root and write an implant to the file system [CVE-2023-20273].
- CVE-2023-20198 has a CVSS score of 10.0.
- CVE-2023-20273 has a CVSS score of 7.2.
What To Do
Refer to the Recommendations section of the Cisco advisory for updates on the status of their investigation and when a software patch is available.
Scan for CVE-2023-20198 to get results for CVE-2023-20273.
Cybersecurity News
- Cisco IOS XE Web UI Elevated Privilege [CVE-2023-20273] – October 30, 2023
- Cisco IOS XE Web UI Privilege Escalation [CVE-2023-20198] – October 24, 2023
Resources
- Cisco Security Advisory, “Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature”
- Cisco Talos, “Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities”
- NIST NVD, “CVE-2023-20198 Detail”
- October 30, 2023: CVE-2023-20273.
- October 24, 2023: Published.
Feedback
0 comments
Please sign in to leave a comment.