Advisory ID: NCC-CSIRT-071223-045
Summary: Critical vulnerabilities in Cisco’s IOS XE software have been exploited, allowing attackers to gain unauthorised control over devices. The vulnerabilities (CVE-2023-20198 and CVE-2023-20273). These weaknesses allow unauthorised users to gain high-level access to network devices, potentially leading to unauthorised control and activities on affected networks. .
Threat Type(s): Vulnerability, and Man-in-the-Middle Attack.
Impact/Vulnerability: CRITICAL/HIGH
Product(s): Cisco IOS XE Software
Platform(s): Cisco Networking Devices
Version(s): 17.9, 17.6, 17.3, 16.12
Description: The exploitation of Cisco IOS XE vulnerabilities presents severe consequences, primarily by granting hackers unauthorised high-level access to network devices. This access allows them to control network operations, potentially leading to data breaches, including the theft of sensitive information. Furthermore, these attackers can disrupt network services, significantly impacting business operations and causing financial and reputational damage. The compromised devices could also be used as a launchpad for further attacks or to spread malware across the network, multiplying the risks and potential damage.
Consequences: Potential for compromised network security and unauthorised activities.
Solution:
-
Update to the latest Cisco IOS XE software versions.
-
Disable the HTTP Server feature on internet-facing systems.
-
Vigilantly monitor networks for signs of malicious activity.
References:
https://www.securityweek.com/exploitation-of-recent-cisco-ios-xe-vulnerabilities-spikes/
https://www.owler.com/reports/cisco/cisco--exploitation-of-recent-cisco-ios-xe-vulnera/1701878684398
https://www.itsecuritynews.info/exploitation-of-recent-cisco-ios-xe-vulnerabilities-spikes/