
Cisco IOS XE 0-Day Vulnerability - CVE-2023-20198

30 October 2023

Introduction

Cisco has recently identified a critical security vulnerability in its Cisco IOS XE operating system, denoted as CVE-2023-20198. This vulnerability carries a CVSS score of 10, representing the highest level of criticality. The discovery of this vulnerability was prompted by multiple customer support inquiries to Cisco TAC.

Details

Cisco is urgently advising all customers to disable the HTTPS Server feature on all their Internet-facing IOS XE devices to mitigate the risk associated with this zero-day vulnerability in the web interface. Malicious actors are already actively exploiting this vulnerability.

Cisco IOS XE is the operating system used in Cisco's next-generation corporate network equipment. CVE-2023-20198 affects all Cisco IOS XE devices with the web interface feature enabled. Currently, there is no patch or workaround available to address this vulnerability.

For more information, please refer to Cisco's official security advisory: Cisco Security Advisory

Impact

This vulnerability allows an unauthenticated remote attacker to create an account on the vulnerable system with privilege level 15. The attacker can then use this account to gain full control of the compromised device. In Cisco IOS, privilege level 15 equates to unrestricted access to all commands.

Detection

To determine whether the HTTP server feature is enabled on a device, log in to it and run the following command at the command-line interface:

show running-config | include ip http server|secure|active

If either ip http server or ip http secure-server is present in the global configuration, the HTTP server feature is enabled.

If the ip http server command is present, and the configuration also contains ip http active-session-modules none, the vulnerability cannot be exploited via HTTP. Likewise, if the ip http secure-server command is present, and the configuration includes ip http secure-active-session-modules none, the vulnerability cannot be exploited via HTTPS.

Conclusion

Cisco's discovery of the CVE-2023-20198 vulnerability in Cisco IOS XE underscores the critical need for immediate action. By disabling the HTTPS Server feature on affected devices, organizations can protect themselves from the active exploitation of this zero-day vulnerability. Cisco is actively working on a solution to address this issue, and users are advised to stay updated with Cisco's security advisories for further developments and patches.