Skip to main content

Cisco IOS XE Escalation of Privilege Vulnerability

Last Update Date: 24 Oct 2023 Release Date: 17 Oct 2023 4306 Views

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability was identified in Cisco IOS XE. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system.

 

Note:
CVE-2023-20198 and CVE-2023-20273 is being exploited in the wild.

Cisco is aware of active exploitation of a previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

The web UI and management services should not be exposed to the internet or to untrusted networks.

 

[Updated at 2023-10-17]

No patch is currently available for CVE-2023-20198.

 

[Updated at 2023-10-24]

The first fixed software releases have been available. Please refer to the Solutions for more details.

 

CVE-2023-20273 is being exploited in the wild.

The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access.

The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue.


Impact

  • Elevation of Privilege

System / Technologies affected

  • Cisco IOS XE

Solutions

Please visit the vendor web-site for more details.

Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.


Vulnerability Identifier


Source


Related Link