2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)11/24 Report--
CTOnews.com, October 23: Cisco previously disclosed "CVE-2023-20198", a vulnerability in its own IOS XE system with a CVSS score of 10, and on October 20 disclosed another zero-day vulnerability, CVE-2023-20273. Cisco said that hackers exploited the two vulnerabilities in combination, and that it would release a patch to fix the vulnerability today (the 22nd, local time).
▲ Source: Cisco
CTOnews.com note: IOS XE, which is based on Linux, is an operating system developed by Cisco for its switches, routers and other network equipment. By exploiting CVE-2023-20198 and CVE-2023-20273, hackers gain Level 15 privileges, the highest level on the device, which is equivalent to "full control of the device" and lets them execute arbitrary commands.
CVE-2023-20198 is located in the web management interface (Web User Interface, Web UI) of the Cisco IOS XE system. Devices that have the HTTP/S server function enabled may be compromised. The vulnerability has a CVSS score of 10.
CVE-2023-20273 is another vulnerability in the Web UI. It allows hackers who have obtained the highest privileges to write malicious code into the system and so effectively control the whole system. Its CVSS score is 7.2.
According to Cisco's investigation, the malicious code implanted by the hackers is written in Lua and is only 29 lines long. It facilitates the execution of arbitrary commands, but the key to carrying out the attack is making an HTTP POST request to the affected network device. Cisco therefore recommends that customers turn off the HTTP/S server function on the relevant network equipment and check whether malicious code has been implanted on the device, or whether a "new user" has appeared out of thin air.
▲ Source: Cisco
It was reported earlier that between October 16 and October 19, more than 10,000 devices around the world were implanted with the Lua malicious code, and security company Censys said the main victims were in the United States, the Philippines and Mexico.
After October 19, security companies found a sharp drop in the number of infected network devices, and on the 22nd there were said to be only 320 "infected devices".
Security companies ONYPHE and CERT Orange Cyberdefense believe that this looks less like the result of diligent work by operators and more like hackers withdrawing from infected network devices and getting ready for the next wave of attacks.
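Cisco's recommendation above, to turn off the HTTP/S server function and look for unexpected new users, can be checked against a saved running configuration. The following is an added example, not code from Cisco or from the original article; the sample configuration, the account names and the approved-user list are constructed assumptions, and the check does not detect the Lua implant itself.

```python
import re

# Constructed sample of an IOS XE running configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 $9$constructed
username svc_unknown privilege 15 secret 9 $9$constructed
username readonly secret 9 $9$constructed
ip http server
no ip http secure-server
line vty 0 4
 transport input ssh
"""

HTTP_COMMANDS = ("ip http server", "ip http secure-server")
USER_RE = re.compile(r"^username\s+(\S+)(?:.*?\bprivilege\s+(\d+))?")

def http_servers_enabled(config):
    """Return the Web UI server commands that are active (not negated with 'no')."""
    return [ln.strip() for ln in config.splitlines() if ln.strip() in HTTP_COMMANDS]

def local_users(config):
    """Map each local username to its privilege level (1 when none is given)."""
    users = {}
    for ln in config.splitlines():
        m = USER_RE.match(ln.strip())
        if not m:
            continue
        if m.group(2):
            users[m.group(1)] = int(m.group(2))
        else:
            users.setdefault(m.group(1), 1)
    return users

def audit(config, approved_users):
    """Report an enabled HTTP/S server and local accounts missing from the approved list."""
    users = local_users(config)
    unknown = sorted(u for u in users if u not in approved_users)
    return {
        "http_enabled": http_servers_enabled(config),
        "unapproved_users": unknown,
        "unapproved_level15": [u for u in unknown if users[u] == 15],
    }

if __name__ == "__main__":
    # The approved list is an assumption: supply your own account inventory.
    print(audit(SAMPLE_CONFIG, {"netadmin", "readonly"}))
```

Any entry under `http_enabled` means the Web UI is still reachable on that device, and any account under `unapproved_level15` should be traced to a change record before it is trusted.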
Related reading: "there is no fix yet, and it is reported that more than 40,000 Cisco IOS XE devices have a 10-point vulnerability."
"Security companies analyze zero-day vulnerabilities in Cisco IOS XE system, and hackers can get the highest privileges by using HTTP function."