A vulnerability was identified in Cisco IOS XE. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system.
CVE-2023-20198 is being exploited in the wild.
Cisco is aware of active exploitation of a previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.
The web UI and management services should not be exposed to the internet or to untrusted networks.
[Updated at 2023-10-17]
No patch is currently available for CVE-2023-20198.
RISK: Extremely High Risk
TYPE: Operating Systems – Networks OS
- Elevation of Privilege
System / Technologies affected
- Cisco IOS XE
Please visit the vendor web-site for more details.
Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.