Cisco’s CVE Alert: Oct. 2023


On October 17th, 2023, Cisco issued a warning regarding a critical security vulnerability (CVE-2023-20198) affecting its IOS XE software [1][2]. The vulnerability, which has a severity rating of 10.0 on the CVSS scoring system, exists in the web UI feature of IOS XE and could allow an unauthenticated remote attacker to create a privileged account on affected devices [3][1]. Successful exploitation of CVE-2023-20198 allows a remote, unauthenticated attacker to create an account on an affected device and use that account to obtain full administrator privileges, effectively enabling a complete takeover of the system [3].

Cisco released a security advisory addressing the vulnerability (CVE-2023-20198) affecting the IOS XE Software Web UI on October 16th, 2023 [4]. As of October 17th, 2023, there is no patch available for CVE-2023-20198 [3]. Cisco recommends that users and administrators review the security advisory, apply the necessary recommendations, hunt for any malicious activity and report any positive findings to CISA, and apply patches when they are made available [4].

This is a zero-day vulnerability that is being actively exploited by cyber threat actors [3]. It is crucial that users and administrators take immediate action to mitigate the risk from this vulnerability. CISA encourages users and administrators to review the Cisco security advisory and apply the necessary recommendations [4].
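
Because the flaw sits in the web UI and results in a new privileged account, a first triage pass over a saved running configuration can answer two questions: is the web UI reachable at all, and are there local privilege-15 accounts nobody recognizes? The script below is an added example, not code from Cisco or from this article. The sample configuration, the account names and the `expected_admins` allow-list are constructed for illustration, and the script assumes the standard IOS XE `ip http ...` and `username ...` configuration lines.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 <redacted>
username helpdesk privilege 1 secret 9 <redacted>
username tmp_user1 privilege 15 secret 9 <redacted>
no ip http server
ip http secure-server
ip http authentication local
"""

# Local account lines that grant privilege level 15 (full administrator).
USER_RE = re.compile(r"^username\s+(\S+)\s.*?\bprivilege\s+15\b")

def web_ui_exposure(config):
    """Report which web UI listeners (HTTP/HTTPS) are enabled and serving sessions."""
    lines = {ln.strip() for ln in config.splitlines()}
    # A listener whose active-session-modules is "none" is treated as not
    # serving the web UI; "no ip http server" never equals "ip http server".
    http = ("ip http server" in lines
            and "ip http active-session-modules none" not in lines)
    https = ("ip http secure-server" in lines
             and "ip http secure-active-session-modules none" not in lines)
    return {"http": http, "https": https}

def unexpected_admins(config, expected):
    """List privilege-15 local users that are not on the expected allow-list."""
    found = []
    for ln in config.splitlines():
        m = USER_RE.match(ln.strip())
        if m and m.group(1) not in expected:
            found.append(m.group(1))
    return found

def audit(config, expected_admins):
    """Combine both checks into one triage record for a device."""
    exposure = web_ui_exposure(config)
    return {
        "web_ui_enabled": exposure["http"] or exposure["https"],
        "exposure": exposure,
        "review_accounts": unexpected_admins(config, expected_admins),
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, expected_admins={"netadmin"}))
```

An account listed under `review_accounts` is a prompt for investigation against change records, not proof of compromise, and an empty list does not clear a device on its own.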