Cisco Reveals Zero-Day Vulnerabilities in IOS XE Devices: Urgent Security Measures Required

In recent developments, Cisco has uncovered not one, but two zero-day vulnerabilities targeting its IOS XE devices. These serious security breaches allow malicious actors to gain unauthorized access and execute harmful activities on vulnerable devices. This article will provide a comprehensive overview of the situation, explaining the nature of the vulnerabilities, their impact, and how to protect your Cisco IOS XE devices.

What are Zero-Day Vulnerabilities?

Zero-day vulnerabilities are software flaws that cybercriminals exploit before the software provider has a chance to release a patch, making them particularly dangerous.

The Initial Discovery: CVE-2023-20198

About a week ago, Cisco's security division, Cisco Talos, detected active exploitation attempts on a new, unknown vulnerability within the Web User Interface (Web UI) feature of Cisco IOS XE software. This vulnerability was identified as CVE-2023-20198 and had the potential to grant attackers elevated privileges on the target device. With this power, attackers could create user logins or local user accounts, causing significant security concerns.

Who Is at Risk?

The vulnerability primarily affected Cisco IOS XE devices, both physical and virtual, with the HTTP or HTTPS Server feature enabled. Shockingly, a Shodan search revealed approximately 40,000 devices vulnerable to these attacks.

The Severity of the Flaw

Due to the severity of the threat, Cisco assigned a critical severity rating to CVE-2023-20198, with a CVSS (Common Vulnerability Scoring System) score of 10.0, indicating that it grants admin privileges, which is a worst-case scenario for any security breach.

Cisco's Response: A Temporary Fix

While Cisco was unable to provide an immediate patch, they did offer a workaround to mitigate the risk. Their recommendation was to disable the HTTP server feature, particularly on devices exposed to the internet. This step is critical to safeguarding your device until a permanent solution becomes available.

The Follow-Up Discovery: CVE-2023-20273

Days after the initial disclosure, Cisco disclosed yet another zero-day vulnerability under active attack, identified as CVE-2023-20273. This vulnerability, also found in the Web UI feature, affected a different component. While it had a slightly lower CVSS score of 7.2, it allowed attackers to perform additional malicious activities on the target devices.

Potential for Combining Attacks

What makes CVE-2023-20273 particularly concerning is that it can be used in conjunction with CVE-2023-20198 to inject and execute malicious commands or implant malware on affected devices. This chain of exploits multiplies the potential harm, making immediate action even more critical.

Staying Safe

In both cases, Cisco has provided detailed information about the vulnerabilities and exploitation attempts. Until official security fixes are released, it is crucial for Cisco users to follow the steps recommended in Cisco's security advisory to secure their devices effectively.

Conclusion:

Cisco's revelation of two zero-day vulnerabilities in its IOS XE devices is a stark reminder of the constant threats to cybersecurity. Vigilance and proactive security measures are essential to safeguard against such threats. Stay informed, follow security advisories, and take the necessary steps to protect your devices from exploitation. 思科