A critical vulnerability in certain Cisco devices has been exploited by hackers, resulting in the compromise of entire networks, according to a disclosure by the company. In a security advisory from its Talos research team, Cisco strongly advises users to promptly apply the recently released patch to mitigate the risks.
The vulnerability resides in the Web User Interface of Cisco IOS XE software that is accessible via the public internet. This means that any Cisco endpoint running the affected software, with HTTP and HTTPS Server features enabled and connected to the internet, is susceptible to complete device takeover. Reports from Ars Technica indicate that approximately 80,000 endpoints are currently impacted by this flaw, now identified as CVE-2023-20198, and it carries a severity rating of 10.
Exploiting this vulnerability allows an attacker to create an account on the affected device with privilege level 15 access, effectively providing them with full control over the compromised device and enabling unauthorized activities. Cisco Talos emphasized the critical nature of this vulnerability and urged affected entities to take immediate action by following the steps outlined in Cisco’s PSIRT advisory.
Notably, the flaw has allegedly been exploited for at least a month, though the identities of the attackers and their specific targets remain unknown. What is known is that the attackers utilized the flaw to drop a piece of malware that runs when the web server restarts. Although the malware cannot persist through a device reboot, the local user account remains active, giving attackers the opportunity to repeat the process as needed. As reported by Ars Technica, this vulnerability is “relatively easy to exploit,” enabling attackers to execute various malicious operations.
In addition to applying the provided patch, it is essential to ensure the safety of your devices by never enabling HTTP and HTTPS Server features on internet-facing systems. This precaution can significantly reduce the risk of exploitation and maintain the security of Cisco devices in your network.
