Cyber Security News

Stay Informed

• Cisco disclosed two critical vulnerabilities (CVE-2023-20198 and CVE-2023-20273) affecting Cisco IOS XE software that could allow attackers to gain full control of affected devices.
• The vulnerabilities affect devices with the HTTP server feature exposed to the internet. Cisco urged customers to disable HTTP on externally facing devices.
• Cisco first detected suspicious activity exploiting CVE-2023-20198 on September 28. Attackers were creating local admin accounts on routers.
• On October 12, Cisco observed more attacks creating local accounts and deploying an implant script to maintain access. The implant allows running arbitrary commands.
• Over 40,000 internet-facing Cisco IOS devices were found to be compromised by the vulnerabilities as of October 19.
• The attacks are believed to be carried out by the same actor. The threat actor tried to cover their tracks by clearing logs and removing created accounts.
• Cisco scored CVE-2023-20198 a CVSS 10.0 (critical severity) and CVE-2023-20273 a CVSS 7.2 (high severity).
• Patches for both vulnerabilities are estimated to be released on October 22 per Cisco's latest update.
• Cisco and CISA have provided mitigation advice for customers including disabling HTTP, updating devices, and reporting compromised systems.