Home Cisco addresses critical IOS XE vulnerabilities

Cisco addresses critical IOS XE vulnerabilities

Cisco, a prominent network equipment provider, recently tackled two critical vulnerabilities (CVE-2023-20198 and CVE-2023-20273) impacting over 50,000 IOS XE devices. Within the past week, cybercriminals exploited these vulnerabilities, enabling them to breach and fully control the affected devices. Consequently, Cisco has released free software to rectify these security issues. The software patch provided by Cisco effectively addresses and resolves the vulnerabilities, ensuring that the affected IOS XE devices are protected against further exploitation. Customers are urged to prioritize the prompt application of this update to minimize potential risks and maintain a secure network infrastructure.

Here are details of the vulnerability and initial software fixes

As per the company’s update, the initial fixed software release is now available, with version 17.9.4a being the first to be deployed. Although additional updates are expected, the release dates have yet to be announced. Both recognized vulnerabilities are associated with the web UI of Cisco devices operating the IOS XE software. The severity ratings attributed to these vulnerabilities are 10/10 (maximum) for CVE-2023-20198 and 7.2 (high) for CVE-2023-20273. These vulnerabilities, if exploited, could enable an unauthenticated remote attacker to carry out various malicious actions, including gaining unauthorized access to sensitive information and executing arbitrary code on the device. Cisco has strongly advised its users to apply the patches as soon as possible to mitigate the risks associated with these vulnerabilities and prevent potential security breaches.

In-depth analysis of attackers’ methods

Cisco revealed that the adversaries initially infiltrated the devices by exploiting the critical vulnerability and then issued a privilege 15 command to establish a local account. Cisco devices have command permissions that range from levels zero to 15, with 15 being the highest privileged level, allowing complete control of the device. This infiltration and granting of level 15 privileges effectively gives the attackers full access to the device’s functions and features, enabling them to manipulate, disrupt, or compromise the system in any manner they choose. As such, network administrators must secure their Cisco devices by promptly patching the identified vulnerability and monitoring for any suspicious activity to prevent such unauthorized access.

The attacker subsequently utilized CVE-2023-20273 to elevate the newly created local user’s privileges and incorporated a malicious script into the file system. However, the implant is non-persistent, and rebooting the device will eliminate it. Despite the non-persistence of the implant, it can still cause significant damage while, in effect, giving the attacker heightened capabilities and access to sensitive data. To mitigate risks associated with this CVE, it is crucial for organizations to apply security patches, closely monitor their systems, and ensure staff adhere to best cybersecurity practices.

Featured Image Credit: Photo by Connor Danylenko; Pexels; Thank you!

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Deanna was an editor at ReadWrite until early 2024. Previously she worked as the Editor in Chief for Startup Grind, Editor in Chief for Calendar, editor at Entrepreneur media, and has over 20+ years of experience in content management and content development.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.