CISA: CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.
CISA urges organizations running Cisco IOS XE Web UI to review CISA’s guidance and immediately implement the mitigations outlined in:
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
- Cisco Talos blog: Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
These mitigations include disabling the HTTP Server feature on internet-facing systems, and hunt for malicious activity on their network.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
