
Critical Zero-Day in Cisco IOS XE Could Lead to Privilege Escalation

17/10/2023
By Esben Dochy

⚡ TL;DR | Go Straight to the Cisco IOS XE Web UI Vulnerability Audit Report

Cisco has released an advisory warning users about a critical zero-day vulnerability in the Web UI feature of its IOS XE software. The flaw is already being exploited in the wild. When successfully exploited, the vulnerability allows a remote attacker to create an account on the targeted system with privilege level 15 access. This account can then be used to gain full control of the affected system. We have created a new Lansweeper report to help you locate any Cisco devices in your environment that use the IOS XE software.

Cisco Vulnerability CVE-2023-20198

The new Cisco zero-day vulnerability, tracked as CVE-2023-20198, has a maximum CVSS severity rating of 10.0. It is rooted in the web UI feature of the IOS XE software. The web UI is an embedded GUI-based system-management tool that comes with the default image. Cisco warns that the flaw is already under active exploitation. Successful exploitation allows an attacker to create an account on the affected system with privilege level 15, which can then be used to gain full control of the system. This could in turn compromise sensitive data or create backdoors for future attacks. You can find more information in Cisco’s advisory.

Protect Vulnerable Cisco Systems

At the moment, no patch is available for the new Cisco vulnerability. However, Cisco has included detailed instructions on how to identify and protect vulnerable systems. They strongly recommend that users disable the HTTP Server feature on all internet-facing systems, which removes the attack vector. To do so, use the no ip http server or no ip http secure-server command in global configuration mode. Then, use the copy running-configuration startup-configuration command to save the running-configuration. This ensures that a system reload will not unexpectedly enable the HTTP Server feature again.
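To check that the mitigation above is in place and will survive a reload, the following added example (not code from Cisco or Lansweeper) audits exported running and startup configurations and also lists privilege level 15 local users that are not on an approved list. The function names, the constructed sample configs and the assumption that a disabled feature shows up as an explicit "no" line are illustrative; confirm the actual state on the device.

```python
import re

FEATURES = ("ip http server", "ip http secure-server")
PRIV15 = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+15\b")

def _lines(config_text):
    # Normalise whitespace so indentation or trailing blanks do not hide a match.
    return [" ".join(l.split()) for l in config_text.splitlines()]

def feature_state(config_text, feature):
    """Return 'enabled', 'disabled' (explicit 'no' form) or 'not stated'."""
    lines = _lines(config_text)
    if feature in lines:
        return "enabled"
    if "no " + feature in lines:
        return "disabled"
    return "not stated"  # assumption: absence proves nothing, check the device

def audit(running, startup, approved_admins=()):
    """Check exposure, persistence across reload, and privilege-15 users."""
    report = {"exposed": [], "reverts_on_reload": [], "unapproved_priv15": []}
    for f in FEATURES:
        now, boot = feature_state(running, f), feature_state(startup, f)
        if now == "enabled":
            report["exposed"].append(f)
        elif boot == "enabled":
            # Not enabled now, but startup-config turns it back on at reload.
            report["reverts_on_reload"].append(f)
    for line in _lines(running):
        m = PRIV15.match(line)
        if m and m.group(1) not in approved_admins:
            report["unapproved_priv15"].append(m.group(1))
    return report

# Constructed sample configs (not taken from a real device).
RUNNING = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 $9$constructed
username tmpuser01 privilege 15 secret 9 $9$constructed
no ip http server
ip http secure-server
ip http authentication local
"""
STARTUP = RUNNING.replace("no ip http server", "ip http server")

if __name__ == "__main__":
    print(audit(RUNNING, STARTUP, approved_admins={"netadmin"}))
```

In the sample, HTTPS is still enabled, HTTP was disabled but never saved, and one privilege 15 account is not on the approved list, so all three report fields are populated.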

We highly recommend that you check out Cisco’s security advisory. It includes detailed instructions on how to identify affected products, indicators of compromise, and mitigation. This is also where you will find updates when a software patch becomes available.

Discover Vulnerable Cisco Devices

We have added a new vulnerability report to Lansweeper to help you locate any Cisco systems in your network that make use of the IOS XE software. This way you have an actionable list of devices that may be vulnerable and need your intervention. Do note that the vulnerability affects those devices that have the web UI feature enabled. You can get the report via the link below.

Run the Cisco IOS XE Web UI Vulnerability Audit