Cisco IOS XE Escalation of Privilege Vulnerability
RISK: Extremely High Risk
TYPE: Operating Systems - Networks OS
A vulnerability was identified in Cisco IOS XE. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system.
Note:
CVE-2023-20198 and CVE-2023-20273 are being exploited in the wild.
Cisco is aware of active exploitation of a previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.
The web UI and management services should not be exposed to the internet or to untrusted networks.
[Updated at 2023-10-17]
No patch is currently available for CVE-2023-20198.
[Updated at 2023-10-24]
The first fixed software releases are now available. Please refer to the Solutions section for more details.
CVE-2023-20273 is being exploited in the wild.
The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access.
The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue.
Impact
- Elevation of Privilege
System / Technologies affected
- Cisco IOS XE
Solutions
Please visit the vendor website for more details.
Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.
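The check below is an added example, not Cisco's code or a tool from this advisory. It reads the text of a saved `show running-config` and reports whether the `ip http server` or `ip http secure-server` listener is enabled, then lists exactly which of the two global-configuration commands from the advisory are still needed to disable the web UI on that device. The sample configuration and the hostname in it are constructed for the example; the `show ip http server status` command mentioned in the comments is a standard IOS command for confirming the live state.

```python
"""Audit a Cisco IOS XE running-config for an enabled web UI (HTTP/HTTPS).

Added illustration, not Cisco's code. It parses the text of
`show running-config` and reports which web UI listeners are on, plus the
`no ip http server` / `no ip http secure-server` commands still required.
"""
import re

# Constructed sample output of `show running-config` from a device whose
# web UI is enabled over both HTTP and HTTPS (hypothetical hostname).
SAMPLE_RUNNING_CONFIG = """\
!
hostname edge-router-01
!
ip http server
ip http secure-server
ip http authentication local
!
line vty 0 4
 transport input ssh
!
end
"""

# Remediation commands quoted in the advisory (global configuration mode).
DISABLE_HTTP = "no ip http server"
DISABLE_HTTPS = "no ip http secure-server"

# IOS XE prints the explicit "no ..." form once a service has been turned
# off, so both the positive and the negated line must be recognised.
_HTTP_RE = re.compile(r"^(?P<neg>no\s+)?ip http server\s*$")
_HTTPS_RE = re.compile(r"^(?P<neg>no\s+)?ip http secure-server\s*$")


def audit_http_server(config_text):
    """Return which web UI listeners are enabled and how to disable them.

    A listener counts as enabled when its `ip http ...` line appears without
    a leading `no`. Lines beginning with `!` are IOS comments/separators.
    If neither line is present at all, the platform default applies and this
    check reports the listener as disabled; confirm the live state with
    `show ip http server status` on the device in that case.
    """
    http_enabled = False
    https_enabled = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = _HTTP_RE.match(line)
        if m:
            http_enabled = m.group("neg") is None
            continue
        m = _HTTPS_RE.match(line)
        if m:
            https_enabled = m.group("neg") is None

    # Only the commands for listeners that are still on are emitted, so the
    # output can be pasted directly into global configuration mode.
    remediation = []
    if http_enabled:
        remediation.append(DISABLE_HTTP)
    if https_enabled:
        remediation.append(DISABLE_HTTPS)
    return {
        "http_enabled": http_enabled,
        "https_enabled": https_enabled,
        "remediation": remediation,
    }


if __name__ == "__main__":
    result = audit_http_server(SAMPLE_RUNNING_CONFIG)
    print("HTTP enabled:", result["http_enabled"])
    print("HTTPS enabled:", result["https_enabled"])
    for cmd in result["remediation"]:
        print("  ", cmd)
```

Run it against a saved `show running-config` for each internet-facing device; a device that returns an empty remediation list already has both listeners off, while any non-empty list is the exact set of commands the advisory asks for on that device.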