TT-CSIRT-418.104.22.168: Cisco Security Vulnerability
Cisco has released a security advisory concerning a critical Privilege Escalation Vulnerability in their IOS XE software.
Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks. This affects both physical and virtual devices running Cisco IOS XE software that also have the HTTP or HTTPS Server feature enabled.
Successful exploitation of this vulnerability allows an attacker to create an account on the affected device with privilege level 15 access, effectively granting them full control of the compromised device and allowing possible subsequent unauthorized activity.
TT-CSIRT encourages administrators to review the following releases and take the necessary actions immediately:
CISCO PSIRT Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
CISCO TALOS: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/