A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / CISCO IOS XE SOFTWARE WEB UI PRIVILEGE ESCALATION VULNERABILITY CVE-2023-20198

CISCO IOS XE SOFTWARE WEB UI PRIVILEGE ESCALATION VULNERABILITY CVE-2023-20198

Advisory No: TZCERT/SA/2023/10/20

Date of First Release: 20th October 2023

Source: CISCO

Software Affected: Cisco IOS XE Software

Overview:

Cisco has issued an advisory detailing a Zero-Day vulnerability which has resulted to active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

Description:

A Cisco IOS XE Software with an enabled Web UI feature (HTTP through ip http server command or HTTPS through ip http secure–server command) is affected with this vulnerability and allows a remote unauthenticated attacker to create an account and use it to gain access to the system.

The Web User Interface (Web UI) provides network administrators with a single solution for provision, monitoring, and optimizing devices.

Impact:

Successful exploitation of this vulnerability may allow a remote unauthenticated attacker to create an account to an affected system with a privilege level 15 access and use the account to gain control of an affected system.

Solution:

Cisco strongly recommends that users restrict access to those services to the trusted network or disable the HTTP Server features on all internet-facing systems.

Reference:

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
  2. https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/

Check Also

Remote Code Execution Vulnerabilities in SolarWinds Access Rights Manager (ARM) (CVE-2024-23469, CVE-2024-23467, CVE-2024-23471)

Advisory No: TZCERT/SA/2024/07/19-3 Date of First Release: 19th July 2024 Source: SolarWinds Software Affected: SolarWinds …