Shulou(Shulou.com)11/24 Report--

CTOnews.com, October 20, the Cisco IOS XE device recently exposed a 10-point vulnerability with tracking number CVE-2023-20198. There are no patches or solutions available, and the only official recommendation is to disable the HTTP server feature on all Internet-facing systems.

CTOnews.com Note: IOS XE is a system designed by Cisco for network devices such as switches and routers, which is based on Linux. This CVE-2023-20198 vulnerability will allow hackers to gain the highest level of Level 15 privileges on the device, which is equivalent to "full control of the device" to execute arbitrary commands.

Initial scan information showed that the number of affected IOS XE devices was about 10,000, but security researchers scanned the Internet and found at least more than 30,000.

The LeakIX engine, which indexes services and web applications exposed on public networks, found more than 30,000 vulnerable devices on Tuesday.

Orange's private CERT, which uses the same authentication method as Cisco, announced on Wednesday that more than 34500 Cisco IOS XE IP addresses had been maliciously implanted due to the use of CVE-2023-20198.

CERT Orange has also released a Python script to scan for malicious implants on network devices running Cisco IOS XE.

In an update on October 18, the Censys search platform, which evaluates the attack surface of networked devices, said the number of infected devices found increased to 41983.

It is difficult to obtain the exact number of Cisco IOS XE devices accessed through the public Internet, but Shodan shows more than 145000 hosts, most of them in the United States.

Related readings:

"Security companies analyze zero-day vulnerabilities in Cisco IOS XE system, and hackers can get the highest privileges by using HTTP function."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.