Cisco releases new security updates

31. October 2023
Critical

Cisco has released security updates for its products.
National CERT encourages users to apply available updates in order to prevent any kind of misuse by the attacker. Тhe most important is CVE-2023-20198 vulnerability.

CVE-2023-20198 is an escalation of privilege vulnerability in the web user interface function of Cisco's IOS XE software that affects physical and virtual devices that have the HTTP or HTTPS server function enabled. Exploitation of this vulnerability allows an attacker to gain full administrative privileges and unauthorized access to affected systems. After obtaining a privileged account, an attacker can create a local user account with normal privileges to exploit another IOS CSE Web UI vulnerability, CVE-2023-20273, to inject commands with elevated (root) privileges, allowing the attacker to run arbitrary commands on the device.

According to the Cisco Talos Blog, a threat actor can:

  • Exploit CVE-2023-20198 to gain initial access and create a privileged account.
  • Use a privileged account to create a local user account with normal privileges.
  • Using a local user account, exploit another Cisco IOS CSE Web UI vulnerability — CVE-2023-20273 — to inject commands with elevated (root) privileges, which allows an attacker to run arbitrary commands on the device.

Recomendation is to immediately implement the measures outlined in Cisco's recommendation, which include disabling the HTTP server function on Internet-facing systems and looking for malicious activity on their network.

For more details please visit: Cisco Security Advisory.

The website www.cert.rs uses cookies for improvement of user experience and website functionality. By continuing to browse this website, you agree to the use of cookies.

Details