CISA: CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases

cisa logo 002

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases


Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).

The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software release train with the 17.6.6a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature(link is external), fixes are still to be determined for the following Cisco IOS XE software release trains: 17.3, 16.12 (Catalyst 3650 and 3850 only). Cisco previously published the fixed release for 17.9, which is 17.9.4a, on Oct. 22. CISA urges organizations with the 17.9 and 17.6 Cisco IOS XE software release train to immediately update to the 17.9.4a and 17.6.6a releases, respectively.

CISA urges organizations to review:

CISA has added CVE-2023-20198 (on Oct. 16, 2023) and CVE-2023-20273 (on Oct. 23, 2023) to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.