+1 (786) 755-8181
Configure
Build your server
5.0
Rated excellent
  • Home
  • Blog
  • Cisco IOS XE 0-Day Vulnerability - CVE-2023-20198

Cisco IOS XE 0-Day Vulnerability - CVE-2023-20198

Cisco IOS XE 0-Day Vulnerability - CVE-2023-20198 30 October 2023

Introduction

Cisco has recently identified a critical security vulnerability in its Cisco IOS XE operating system, denoted as CVE-2023-20198. This vulnerability carries a CVSS score of 10, representing the highest level of criticality. The discovery of this vulnerability was prompted by multiple customer support inquiries to Cisco TAC.

Details

Cisco is urgently advising all customers to disable the HTTPS Server feature on all their Internet-facing IOS XE devices to mitigate the risk associated with this zero-day vulnerability in the web interface. Malicious actors are already actively exploiting this vulnerability.

Cisco IOS XE is the operating system used in Cisco's next-generation corporate network equipment. CVE-2023-20198 affects all Cisco IOS XE devices with the web interface feature enabled. Currently, there is no patch or workaround available to address this vulnerability.

For more information, please refer to Cisco's official security advisory: Cisco Security Advisory

Impact

This vulnerability allows unauthenticated remote attackers to create an account on the vulnerable system with privileged access level 15. Subsequently, attackers can leverage this account to gain full control over the compromised system. In the Cisco IOS system, privilege level 15 equates to unrestricted access to all commands.

Detection

To determine whether the HTTP server feature is enabled on your system, log in and use the following command in the command-line interface:

show running-config | include ip http server|secure|active

If either of the following commands is present in the global configuration, the HTTP server feature is enabled: ip http server and ip http secure-server.


If the ip http server command is present, and the configuration also contains ip http active-session-modules none, the vulnerability cannot be exploited via HTTP. Likewise, if the ip http secure-server command is present, and the configuration includes ip http secure-active-session-modules none, the vulnerability cannot be exploited via HTTPS.

Conclusion

Cisco's discovery of the CVE-2023-20198 vulnerability in Cisco IOS XE underscores the critical need for immediate action. By disabling the HTTPS Server feature on affected devices, organizations can protect themselves from the active exploitation of this zero-day vulnerability. Cisco is actively working on a solution to address this issue, and users are advised to stay updated with Cisco's security advisories for further developments and patches.


Cisco
Cisco UCS C240-M5 24SFF
  • 2U (rackmount)
  • up to 2 Xeon Scalable
  • up to 3072 GB (24 x DDR4)
  • 24SFF Bay 2.5" (Hot Swap)
  • 2 x PSU (Hot Plug)
Configure

Specialists of our company are ready to help you purchase the server and select the necessary server configuration for any required task.


Related Information:


Your privacy
By clicking “Accept all cookies”, you agree Stack Exchange can store cookies on your device and disclose information in accordance with our Cookie Policy.
Accept all cookies