Cisco CVE-2023-20198
π Cisco warned of a critical authentication bypass zero-day vulnerability (CVE-2023-20198) in its IOS XE software that allows unauthenticated attackers to gain full administrative privileges.
π¨βπ» The vulnerability only affects devices with the Web User Interface (Web UI) feature enabled that also have the HTTP or HTTPS Server feature turned on.
π©βπ» Cisco discovered attacks exploiting this vulnerability on September 28 and October 12, with attackers creating local administrator accounts and deploying a malicious implant.
π As mitigation, Cisco recommends disabling the HTTP and HTTPS servers on affected devices to block attacks.
