
Alerts

CISCO IOS XE SOFTWARE WEB UI PRIVILEGE ESCALATION VULNERABILITY CVE-2023-20198

Advisory No: TZCERT/SA/2023/10/20

Date of First Release: 20th October 2023

Source: CISCO

Software Affected: Cisco IOS XE Software

Overview:

Cisco has issued an advisory detailing active exploitation of a previously unknown (zero-day) vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

Description:

Cisco IOS XE Software with the Web UI feature enabled (HTTP through the ip http server command or HTTPS through the ip http secure-server command) is affected by this vulnerability, which allows a remote unauthenticated attacker to create an account and use it to gain access to the system.

The Web User Interface (Web UI) provides network administrators with a single solution for provisioning, monitoring, and optimizing devices.

Impact:

Successful exploitation of this vulnerability may allow a remote unauthenticated attacker to create an account on an affected system with privilege level 15 access and use the account to gain control of the affected system.

Solution:

Cisco strongly recommends that users restrict access to those services to the trusted network or disable the HTTP Server features on all internet-facing systems.
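
An added example, not part of this advisory or of Cisco's tooling: a Python check over a saved running-config that reports whether the Web UI commands named in the Description are enabled and lists local privilege level 15 accounts that are not on an expected list. The sample configurations, account names and the audit_config function are constructed for illustration.

```python
import re

# Constructed sample running-config excerpts (not from any real device).
EXPOSED = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 $9$constructed
username tmpuser1 privilege 15 secret 9 $9$constructed
ip http server
ip http secure-server
"""
HARDENED = """\
hostname edge-rtr-02
username netadmin privilege 15 secret 9 $9$constructed
no ip http server
no ip http secure-server
"""

def audit_config(config_text, known_admins=()):
    """Return Web UI exposure and unexpected privilege-15 local accounts."""
    # Exact-line matching, so 'no ip http server' never counts as enabled.
    lines = {ln.strip() for ln in config_text.splitlines()}
    http = "ip http server" in lines
    https = "ip http secure-server" in lines
    # Cisco's advisory states the issue is not exploitable over HTTP/HTTPS
    # when the matching 'active-session-modules none' line is present.
    if "ip http active-session-modules none" in lines:
        http = False
    if "ip http secure-active-session-modules none" in lines:
        https = False
    # Local accounts explicitly configured at privilege level 15.
    priv15 = re.findall(r"^username (\S+) privilege 15\b", config_text, re.M)
    return {
        "webui_http": http,
        "webui_https": https,
        "webui_enabled": http or https,
        "unexpected_priv15": sorted(set(priv15) - set(known_admins)),
    }

if __name__ == "__main__":
    for name, cfg in (("EXPOSED", EXPOSED), ("HARDENED", HARDENED)):
        print(name, audit_config(cfg, known_admins=("netadmin",)))
```

Run it against configuration backups of internet-facing devices first; any account it reports as unexpected should be reviewed against change records.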

Reference:

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
  2. https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/

Cisco Security Update

Cisco has released security updates to address a vulnerability in Cisco IOS XE Software. Exploitation of this vulnerability may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review the Cisco Security Advisory and apply necessary updates.

Chrome Security Update

Google has released security updates to address vulnerabilities in Chrome Dev for Desktop. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Chrome Security Releases and apply necessary updates.

Oracle Linux Security Update

Oracle has released security updates to address vulnerabilities in Oracle Linux OS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Oracle Security Advisories dated 17th October 2023 and apply necessary updates.

SUSE Security Update

SUSE has released security updates to address vulnerabilities in SUSE OS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review SUSE Security Advisories dated 17th October 2023 and apply necessary updates.