(616) 828-4416

In an ever-evolving digital landscape, staying one step ahead of potential security threats is crucial. Recently, we’ve become aware of security vulnerabilities in Cisco’s IOS XE software that have the potential to impact your current IT environment. At IP Consulting, your security is our priority, and we’re here to help you understand and address this issue.

The Cisco IOS XE Software Vulnerability

The security concern in question relates to a privilege escalation vulnerability within the web UI feature of Cisco IOS XE Software. This vulnerability can be exploited by remote, unauthenticated attackers when the software is exposed to the internet or untrusted networks. In a worst-case scenario, this could allow an attacker to create an account on an affected system with privilege level 15 access, potentially gaining control over your systems.

In-Depth Information and Remediation

In response to the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software, Cisco is taking swift and comprehensive action. We are dedicated to keeping you informed and protected throughout this process.

Enhanced Detection and Updates

Cisco is actively working to provide an update for the ongoing investigation and enhance detection for the presence of the implant. We’re committed to ensuring that your systems remain secure, and we’ll continue to keep you updated as additional releases become available via the Cisco Software Download Center.

Details of the Exploitation

Cisco’s investigation has uncovered that the attackers exploited two previously unknown issues. In their initial approach, they took advantage of CVE-2023-20198 to gain initial access. This enabled them to issue a privilege 15 command, ultimately creating a local user and password combination. This maneuver allowed the attacker to log in with normal user access.

Subsequently, the attacker leveraged another component of the web UI feature, using the newly created local user to elevate privileges to root. They also successfully wrote the implant to the file system, a significant security breach. Cisco has assigned CVE-2023-20273 to this specific issue.

CVE-2023-20198 has been assigned a CVSS Score of 10.0.
CVE-2023-20273 has been assigned a CVSS Score of 7.2.

It’s important to note that both of these CVEs are actively being tracked by CSCwh87343.

Taking Action to Secure Your Systems

In light of these vulnerabilities, it’s essential to take steps to close the attack vector. For detailed recommendations on how to safeguard your systems, please consult the “Recommendations” section of Cisco’s advisory.

Your Questions and Concerns Matter

We understand that this news may raise questions and concerns about the security of your IT environment. Please know that you’re not alone in this. If you require assistance or have any questions regarding this matter, please don’t hesitate to contact IP Consulting. Your immediate attention to this matter is greatly appreciated, as safeguarding your IT environment remains our top priority.

At IP Consulting, we’re committed to providing you with the support and expertise you need to keep your systems secure. Your security is our mission, and we’re here to help you every step of the way. If you require assistance or have any questions concerning this matter, please don’t hesitate to contact IP Consulting.