
Cisco IOS XE Web UI Vulnerability Audit

Security Software Vulnerability

Locate Cisco Devices Vulnerable to CVE-2023-20198 in Your Network

Cisco has released a security advisory warning users about a critical zero-day vulnerability in the web UI of its IOS XE software. The flaw received the maximum CVSS score of 10.0, and there is already evidence of it being exploited in the wild. Successful exploitation could allow a remote attacker to create an account with privilege level 15 access on an affected system and then use that account to gain full control of it.

At the moment, no patch is available, but Cisco has included detailed instructions in its advisory to locate and protect at-risk systems. You can read more about this vulnerability in our Cisco IOS XE Web UI vulnerability blog.

The report below will help you find any Cisco devices in your network that make use of the IOS XE software. Make sure to check out Cisco’s security advisory and follow their instructions to protect your network. Simply run the report to get a complete overview of your environment.

Run the Cisco IOS XE Web UI Vulnerability Audit Now!

Cisco IOS XE Web UI Vulnerability Audit Lansweeper On-Prem Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Description,
Subquery1.Label As OIDLabel,
Subquery1.Data As Version,
Case
When tblErrors.ErrorText Is Not Null And
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select tblOIDData.AssetID,
tblOIDData.Label,
tblOIDData.Data
From tblOIDData
Where tblOIDData.[Key] = '1.3.6.1.2.1.47.1.1.1.1.9.1001') As Subquery1 On Subquery1.AssetID =
tblAssets.AssetID
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblAssetCustom.Manufacturer Like '%cisco%' and
(tblAssetCustom.Model Like '%Catalyst%9200%' or
tblAssetCustom.Model Like '%Catalyst%9300%' or
tblAssetCustom.Model Like '%Catalyst%9400%' or
tblAssetCustom.Model Like '%Catalyst%9500%' or
tblAssetCustom.Model Like '%Catalyst%9600%' or
tblAssetCustom.Model Like '%IE%9320%' or
tblAssetCustom.Model Like '%IE%9310X%' or
tblAssetCustom.Model Like '%Catalyst%9800%' or
tblAssetCustom.Model Like '%Catalyst%9136%' or
tblAssetCustom.Model Like '%Catalyst%9166%' or
tblAssetCustom.Model Like '%Catalyst%9164%' or
tblAssetCustom.Model Like '%Catalyst%9162%' or
tblAssetCustom.Model Like '%Catalyst%9130%' or
tblAssetCustom.Model Like '%Catalyst%9120%' or
tblAssetCustom.Model Like '%Catalyst%9115%' or
tblAssetCustom.Model Like '%Catalyst%9105i%' or
tblAssetCustom.Model Like '%Catalyst%9105w%' or
tblAssetCustom.Model Like '%ASR%1001-X%' or
tblAssetCustom.Model Like '%ASR%1002-HX%' or
tblAssetCustom.Model Like '%ASR%1006-X%' or
tblAssetCustom.Model Like '%ASR%1009-X%' or
tblAssetCustom.Model Like '%ASR%900%' or
tblAssetCustom.Model Like '%ASR%903%' or
tblAssetCustom.Model Like '%ASR%907%' or
tblAssetCustom.Model Like '%ASR%914%' or
tblAssetCustom.Model Like '%NCS%4201%' or
tblAssetCustom.Model Like '%NCS%4202%' or
tblAssetCustom.Model Like '%NCS%4206%' or
tblAssetCustom.Model Like '%NCS%4216%' or
tblAssetCustom.Model Like '%Catalyst%8000%' or
tblAssetCustom.Model Like '%Catalyst%8200%' or
tblAssetCustom.Model Like '%Catalyst%8300%' or
tblAssetCustom.Model Like '%Catalyst%8500%' or
tblAssetCustom.Model Like '%ISR%4221%' or
tblAssetCustom.Model Like '%ISR%4331%' or
tblAssetCustom.Model Like '%ISR%4431%' or
tblAssetCustom.Model Like '%ISR%4461%' or
tblAssetCustom.Model Like '%ISR%1100%' or
tblAssetCustom.Model Like '%ISR%1101%' or
tblAssetCustom.Model Like '%ISR%1109%' or
tblAssetCustom.Model Like '%ISR%111x%' or
tblAssetCustom.Model Like '%ISR%1111x%' or
tblAssetCustom.Model Like '%ISR%1120%' or
tblAssetCustom.Model Like '%ISR%1131%' or
tblAssetCustom.Model Like '%ISR%1160%' or
tblAssetCustom.Model Like '%IR%1100%' or
tblAssetCustom.Model Like '%IR%1800%' or
tblAssetCustom.Model Like '%IR%8100%' or
tblAssetCustom.Model Like '%IR%8300%' or
tblAssetCustom.Model Like '%CSR%1000v%' or
tblAssetCustom.Model Like '%cBR%')
And tblState.Statename =
'Active'
Order By tblAssetCustom.Model,
tblAssets.IPAddress
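
The report selects devices purely by `Manufacturer` and `Model` pattern, so the same filter can be applied to an inventory export from any other source. The sketch below is an added example, not part of Lansweeper's report: it evaluates a subset of the query's `LIKE` patterns against a constructed inventory, assuming case-insensitive matching (the function names and sample rows are hypothetical). Note that the constructed `ASR-9001` row is selected by `%ASR%900%`, so treat hits as candidates to check against Cisco's advisory.

```python
import re

# Subset of the Model patterns copied from the report's WHERE clause.
MODEL_PATTERNS = [
    "%Catalyst%9300%", "%Catalyst%9800%", "%ASR%1001-X%", "%ASR%900%",
    "%ISR%4331%", "%ISR%111x%", "%IR%1100%", "%CSR%1000v%", "%cBR%",
]

def like_to_regex(pattern):
    """Translate a SQL LIKE pattern: % = any run of characters, _ = exactly one."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Assumption: the database collation is case-insensitive.
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE | re.DOTALL)

COMPILED = [(p, like_to_regex(p)) for p in MODEL_PATTERNS]

def matching_patterns(manufacturer, model):
    """Return the patterns a device matches, or [] if the filter would skip it."""
    if "cisco" not in (manufacturer or "").lower():
        return []
    return [p for p, rx in COMPILED if rx.match(model or "")]

def triage(inventory):
    """Map asset name -> matched patterns for the rows the filter selects."""
    hits = {}
    for name, manufacturer, model in inventory:
        matched = matching_patterns(manufacturer, model)
        if matched:
            hits[name] = matched
    return hits

# Constructed sample inventory (name, manufacturer, model); not real assets.
SAMPLE = [
    ("sw-core-01", "Cisco Systems", "Catalyst 9300-48P"),
    ("rtr-edge-01", "cisco", "ISR4331/K9"),
    ("rtr-agg-01", "Cisco", "ASR-9001"),
    ("sw-old-01", "Cisco", "Catalyst 2960-X"),
    ("fw-01", "Fortinet", "Catalyst 9300 lookalike"),
]

if __name__ == "__main__":
    for name, matched in triage(SAMPLE).items():
        print(name, matched)
```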
