CVE-2023-20273 - Cisco IOS XE Web UI Command Injection Vulnerability
Project:Cisco
Product:Cisco IOS XE Web UI
Date Added:2023-10-23Due Date:2023-10-27
Vulnerability Name
Cisco IOS XE Web UI Command Injection Vulnerability
Description
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
https://nvd.nist.gov/vuln/detail/CVE-2023-20273
Related News Articles
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISAFebruary 25, 2025
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom NetworksFebruary 21, 2025
Salt Typhoon Exploits Cisco Devices in Telco InfrastructureFebruary 14, 2025
Chinese hackers breach more US telecoms via unpatched Cisco routersFebruary 14, 2025
RA World Ransomware Attack in South Asia Links to Chinese Espionage ToolsetFebruary 13, 2025