Cisco IOS XE Escalation of Privilege Vulnerability

A vulnerability was identified in Cisco IOS XE. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system.

 

Note:
CVE-2023-20198 is being exploited in the wild.

Cisco is aware of active exploitation of a previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

The web UI and management services should not be exposed to the internet or to untrusted networks.

 

[Updated at 2023-10-17]

No patch is currently available for CVE-2023-20198.

RISK: Extremely High Risk

TYPE: Operating Systems – Networks OS

TYPE: Networks OS

Impact

  • Elevation of Privilege

System / Technologies affected

  • Cisco IOS XE

Solutions

Please visit the vendor web-site for more details.

Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.


Vulnerability Identifier


Source


Related Link


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.