A critical security flaw has been found in Cisco devices running IOS XE software. The flaw lets attackers surreptitiously create high-privilege accounts on those devices. Millions of devices worldwide—including routers, switches, and others—run that software. Tens of thousands have already been compromised. So immediate action is imperative.

The recommended actions are:

  1.  Updating all devices to the latest version of IOS XE.
  2.  Checking device logs for unusual activity or files.
  3.  Disabling devices’ HTTP Server function wherever it is not absolutely necessary.

We are already fixing this problem for our clients. I just wanted to make sure you were aware of the situation.

Please don't hesitate to reach out to us if you have any questions about your own vulnerability and how you can remediate it.

Technical Details:

  • Vulnerability ID: CVE-2023-20198 (see the NVD entry for CVE-2023-20198 at nist.gov)
  • Impact: Stealthy creation of unauthorized high-privilege accounts
  • Affected versions: IOS XE 16.10.1, 16.11.1, and 16.12.1
  • Affected feature: Web UI of IOS XE
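
As an added example (not part of the original advisory or any Cisco tooling), the Python sketch below audits a saved running-config for the two things the steps above care about: whether the HTTP/HTTPS server behind the Web UI is enabled, and whether any privilege-15 local account is missing from your approved list. The sample config, the account names and the `audit_config` helper are constructed for illustration.

```python
import re

# Constructed sample of a saved running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$CONSTRUCTED
username helpdesk privilege 1 secret 9 $9$CONSTRUCTED
username svc_tmp01 privilege 15 secret 9 $9$CONSTRUCTED
!
ip http server
no ip http secure-server
!
end
"""

USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?", re.I)
HTTP_RE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$", re.I)


def audit_config(config_text, approved_admins):
    """Return Web UI exposure and unapproved privilege-15 users for one config."""
    http_enabled, unapproved = set(), []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HTTP_RE.match(line)
        if m:
            # Only an explicit enable line counts; "no ip http ..." means disabled.
            # A missing line is not interpreted either way.
            if not m.group(1):
                http_enabled.add(m.group(2).lower())
            continue
        m = USER_RE.match(line)
        if m:
            # Assumption: a username line without "privilege" is level 1.
            name, priv = m.group(1), int(m.group(2) or 1)
            if priv == 15 and name not in approved_admins and name not in unapproved:
                unapproved.append(name)
    return {"http_enabled": sorted(http_enabled), "unapproved_priv15": unapproved}


if __name__ == "__main__":
    # "netadmin" stands in for your own list of sanctioned administrators.
    print(audit_config(SAMPLE_CONFIG, approved_admins={"netadmin"}))
```

Any name reported under `unapproved_priv15` should be traced back to a change record before it is trusted, and a non-empty `http_enabled` list on a device that does not need the Web UI is a candidate for step 3.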

Dedicated to your security.