
Security company analyzes zero-day vulnerability in Cisco IOS XE: attackers can gain the highest privileges through the HTTP feature

2025-01-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)11/24 Report--

CTOnews.com, October 17: Cisco yesterday disclosed a zero-day vulnerability, CVE-2023-20198, that has already been exploited by attackers. The security company Talos Intelligence has published a description of it.

According to the report, the vulnerability is in the web management interface (Web User Interface, Web UI) of the Cisco IOS XE system. Devices that have the HTTP or HTTPS server feature enabled may be compromised.

▲ Image source: security company Talos Intelligence

IOS XE is a Linux-based system that Cisco designed for switches, routers and other network devices. CVE-2023-20198 allows attackers to gain the highest privilege level on the device, Level 15, which is equivalent to full control of the device and lets them execute arbitrary commands.

▲ Image source: security company Talos Intelligence

Cisco said its Technical Assistance Center (TAC) discovered the vulnerability on Sept. 28.

The investigation showed that the activity dates back to September 18 and involved an unauthorized user from a suspicious IP address who created a local user account called cisco_tac_admin but took no other action.

On October 12, the Cisco Talos incident response team (Talos IR) and the Cisco Technical Assistance Center again found that an unauthorized user from another suspicious IP address had created another user account, called cisco_support, and had implanted a file that could be used to change the configuration. Although the implanted file is deleted when the device is rebooted, the user account that was created persists and keeps the highest privileges.

CTOnews.com noted from the CVSS entry that CVE-2023-20198 has a risk rating of 10. The vulnerability lets attackers reach devices exposed to the public network and create new accounts on them, gaining complete administrative privileges and thereby taking complete control of the affected network devices.

▲ Image source: CVSS

Cisco has not yet fixed this security vulnerability and strongly recommends that customers turn off the HTTP Server on all devices connected to the public network.
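An added example, not from the original article or from Cisco: a Python check over a saved running-config that flags the two conditions described above, an enabled HTTP/HTTPS server and the local account names the article reports, which matter because the accounts survive a reboot even though the implant does not. The function name, the `known_admins` allow-list and the sample config are assumptions constructed for illustration.

```python
import re

# Local account names the article reports as created by the intruders.
REPORTED_ACCOUNTS = {"cisco_tac_admin", "cisco_support"}

HTTP_RE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?")


def audit_config(text, known_admins=()):
    """Return findings for one saved IOS XE running-config (plain text)."""
    findings = {"http_enabled": [], "reported_accounts": [], "unknown_priv15": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = HTTP_RE.match(line)
        if m and not m.group(1):          # "ip http ..." without a leading "no"
            findings["http_enabled"].append(m.group(2))
            continue
        m = USER_RE.match(line)
        if not m:
            continue
        name, priv = m.group(1), m.group(2)
        if name.lower() in REPORTED_ACCOUNTS:
            findings["reported_accounts"].append(name)
        elif priv == "15" and name not in known_admins:
            # Level 15 account that is not on the operator's allow-list.
            findings["unknown_priv15"].append(name)
    return findings


# Constructed sample config, not taken from a real device.
SAMPLE = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$CONSTRUCTED
username cisco_support privilege 15 secret 9 $9$CONSTRUCTED
username helpdesk privilege 1 secret 9 $9$CONSTRUCTED
username tmpadmin privilege 15 secret 9 $9$CONSTRUCTED
!
no ip http server
ip http secure-server
ip http authentication local
"""

if __name__ == "__main__":
    for key, values in audit_config(SAMPLE, known_admins={"netops"}).items():
        print(f"{key}: {values or 'none'}")
```

A clean result only reflects the saved configuration text; it says nothing about whether a device was accessed before the account list was captured.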

References

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability

CVE-2023-20198 Detail-CVSS
