CVE-2023-20198 - Cisco IOS XE Web UI Privilege Escalation Vulnerability

CVE-2023-20198: Cisco | IOS XE Web UI

Date Added:
2023-10-16

Due Date:
2023-10-20

Vulnerability Name: Cisco IOS XE Web UI Privilege Escalation Vulnerability

Description: Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

Additional Notes: https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20198

Related News Articles: Zero-days dominate top frequently exploited vulnerabilitiesNovember 14, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard