CISCO IOS XE SOFTWARE WEB UI PRIVILEGE ESCALATION VULNERABILITY CVE-2023-20198

Advisory No: TZCERT/SA/2023/10/20

Date of First Release: 20^th October 2023

Source: CISCO

Software Affected: Cisco IOS XE Software

Overview:

Cisco has issued an advisory detailing a Zero-Day vulnerability which has resulted to active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

Description:

A Cisco IOS XE Software with an enabled Web UI feature (HTTP through ip http server command or HTTPS through ip http secure–server command) is affected with this vulnerability and allows a remote unauthenticated attacker to create an account and use it to gain access to the system.

The Web User Interface (Web UI) provides network administrators with a single solution for provision, monitoring, and optimizing devices.

Impact:

Successful exploitation of this vulnerability may allow a remote unauthenticated attacker to create an account to an affected system with a privilege level 15 access and use the account to gain control of an affected system.

Solution:

Cisco strongly recommends that users restrict access to those services to the trusted network or disable the HTTP Server features on all internet-facing systems.

Reference:

1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
2. https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/