Urgent Security Alert: Cisco Zero-Day Vulnerability Under Active Exploitation

Cisco has identified a grave zero-day vulnerability (CVE-2023-20198) within the Web User Interface of their IOS XE software, posing a significant threat to devices exposed to the Internet or untrusted networks.

Severity Rating: 10 out of 10 – the highest severity.

Impact: Allows attackers to create an admin-level account, granting them full control of the compromised device.

Exploitation: Active exploitation has been observed since at least September 18. Upon exploitation, attackers have primarily been deploying an implant, enabling them to run malicious commands. The implant is temporary, being eliminated upon reboot, but created user accounts persist.

Vulnerable Products: Any Cisco switch, router, or wireless LAN controller running IOS XE with the HTTP or HTTPS Server feature enabled and exposed online. Estimates suggest up to 80,000 Internet-connected devices could be affected.

Current Status: Cisco's Talos security team has provided immediate measures to counteract this threat.

Deactivate the HTTP and HTTPS server feature on any Internet-facing systems. Cisco has stressed that this feature should never be active on such systems.

Monitor for potential breaches by searching for new or unexplained users on devices. Suspect admin accounts might be named “cisco_tac_admin” or “cisco_support”.
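The two checks the alert recommends (HTTP/HTTPS server feature disabled, no new or unexplained local users) can be run offline against saved device configurations. The script below is an added example, not Cisco's or Talos's tooling: the sample configuration and the `approved_users` allow-list are constructed, and it assumes the accounts appear as standard `username` lines in the saved running-config. It reports whether the feature is enabled, not whether the device is Internet-facing.

```python
import re

# Account names the alert lists as suspect.
SUSPECT_NAMES = {"cisco_tac_admin", "cisco_support"}

# Constructed sample of an IOS XE running configuration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 <redacted>
username cisco_tac_admin privilege 15 secret 9 <redacted>
username backup-svc privilege 15 secret 9 <redacted>
ip http server
ip http secure-server
"""

def audit_config(config_text, approved_users):
    """Return findings for web UI exposure and unexplained local accounts."""
    findings = {"web_ui": [], "suspect_users": [], "unexplained_users": []}
    for raw in config_text.splitlines():
        line = raw.strip()
        # 'no ip http server' is the disabled form and does not match here.
        if re.fullmatch(r"ip http (server|secure-server)", line):
            findings["web_ui"].append(line)
        m = re.match(r"username (\S+)", line)
        if m:
            name = m.group(1)
            if name.lower() in SUSPECT_NAMES:
                findings["suspect_users"].append(name)
            elif name not in approved_users:
                # Hypothetical allow-list: anything outside it needs an owner.
                findings["unexplained_users"].append(name)
    return findings

def needs_attention(findings):
    """True when the web UI is enabled or any account is not accounted for."""
    return any(findings.values())

if __name__ == "__main__":
    result = audit_config(SAMPLE_CONFIG, approved_users={"netops"})
    for category, items in result.items():
        print(f"{category}: {items or 'none'}")
    print("needs attention:", needs_attention(result))
```

Because the implant is removed by a reboot while created accounts persist, the user check remains meaningful on devices that have restarted since a suspected compromise.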