Advisory No: TZCERT/SA/2023/10/20
Date of First Release: 20th October 2023
Source: CISCO
Software Affected: Cisco IOS XE Software
Overview:
Cisco has issued an advisory detailing active exploitation of a previously unknown (zero-day) vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.
Description:
Cisco IOS XE Software with the Web UI feature enabled (HTTP through the ip http server command or HTTPS through the ip http secure-server command) is affected by this vulnerability, which allows a remote unauthenticated attacker to create an account and use it to gain access to the system.
The Web User Interface (Web UI) provides network administrators with a single solution for provisioning, monitoring, and optimizing devices.
Impact:
Successful exploitation of this vulnerability may allow a remote unauthenticated attacker to create an account on an affected system with privilege level 15 access and use the account to gain control of the affected system.
Solution:
Cisco strongly recommends that users restrict access to the HTTP and HTTPS Web UI services to trusted networks, or disable the HTTP Server feature on all internet-facing systems.
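The following added example (not part of the Cisco or TZCERT advisory) audits a saved running-config for the two commands named in the Description and lists local privilege level 15 accounts for review against an expected-administrator list. The sample configuration, hostname and usernames are constructed, and the script assumes the Web UI is enabled exactly when ip http server or ip http secure-server appears as a configuration line.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 $9$CONSTRUCTED
username tmpuser01 privilege 15 secret 9 $9$CONSTRUCTED
username readonly privilege 1 secret 9 $9$CONSTRUCTED
ip http server
no ip http secure-server
ip http authentication local
"""

# Matches local accounts configured with privilege level 15.
PRIV15 = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+15\b")


def audit_config(text, expected_admins=()):
    """Report Web UI exposure and privilege-15 accounts in a saved config."""
    lines = [ln.strip() for ln in text.splitlines()]
    # Exact-line match, so "no ip http server" and
    # "ip http authentication local" do not count as enabling the Web UI.
    http = "ip http server" in lines
    https = "ip http secure-server" in lines
    admins = [m.group(1) for ln in lines if (m := PRIV15.match(ln))]
    return {
        "http_enabled": http,
        "https_enabled": https,
        "web_ui_enabled": http or https,
        "priv15_accounts": admins,
        # Accounts not on the expected list need manual review.
        "unexpected_priv15": sorted(set(admins) - set(expected_admins)),
    }


if __name__ == "__main__":
    report = audit_config(SAMPLE_CONFIG, expected_admins={"netadmin"})
    for key, value in report.items():
        print(f"{key}: {value}")
```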
Reference:
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
- https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/