Hackers Exploit Zero-Day Vulnerability in Cisco Routers With 'Highest Possible Severity Score'
Cisco Reveals Critical Security Threat
Cisco issued a warning on Monday, October 16, 2023, about a newly discovered zero-day vulnerability that attackers are actively exploiting, according to media reports.
The vulnerability, tracked as CVE-2023-20198, affects Cisco IOS XE software and carries a CVSS score of 10.0, the highest possible. This article covers the details of the vulnerability, Cisco's response, and the risks it poses.
The critical vulnerability lies in the Web UI feature of Cisco IOS XE software and affects both physical and virtual devices running that software when the feature is enabled and reachable. The Web UI is designed to simplify deployment, manageability, and the user experience.
The flaw lets a remote, unauthenticated attacker create an account on the device with privilege level 15 (full administrative rights), giving them complete control of the affected router and a foothold for further malicious activity.
Cisco's Talos security team identified the vulnerability while resolving multiple Technical Assistance Center (TAC) support cases in which customers reported compromised devices.
The first instance was identified on September 28, and further investigation showed that the bug had been exploited as early as September 18. The severity and widespread nature of the exploitation prompted Cisco to issue a public advisory and to work with the Cybersecurity and Infrastructure Security Agency (CISA) on the response.
To mitigate the risk, Cisco recommends disabling the HTTP Server feature on all internet-facing systems. This matches CISA's repeated guidance that management interfaces should not be exposed to the internet. At the time of this report there is no patch, so disabling the HTTP Server feature is the only available mitigation.
Given the severity, organizations running affected Cisco IOS XE devices must act immediately. Disabling the HTTP Server feature removes the attack surface the exploit uses, so attackers can no longer create unauthorized accounts through it and take full control of the device. Because exploitation began weeks before the advisory, organizations should also check whether a device was already compromised before the mitigation was applied, for example by looking for unexpected local accounts with privilege level 15 and web UI logins by unknown users.
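As an added example, not code from the article or from Cisco, the following Python script applies the checks a defender would run on constructed data: it reads a saved show running-config to decide whether the HTTP Server feature is still reachable (Cisco's mitigation is the global configuration commands no ip http server and no ip http secure-server), lists privilege-15 local accounts that are not on an operator-supplied allowlist, scans syslog lines for the web UI login and programmatic configuration messages Cisco's advisory tells defenders to look for, and interprets the body returned by Cisco's implant check (a POST to /webui/logoutconfirm.html?logon_hash=1, where a bare hexadecimal string indicates the implant). The configuration snippets, log lines, the account name cisco_tac_admin, the KNOWN_ADMINS allowlist and the eight-digit hex threshold are all assumptions made for this example.

```python
import re

# Constructed sample "show running-config" output (not from any real device).
# Both "ip http server" and "ip http secure-server" are present, so the web UI
# is reachable over HTTP and HTTPS, and an unexpected privilege-15 account exists.
VULNERABLE_CONFIG = """\
hostname edge-rtr-1
!
username netadmin privilege 15 secret 9 REDACTED
username cisco_tac_admin privilege 15 secret 9 REDACTED
!
ip http server
ip http secure-server
ip http authentication local
!
"""

# The same device after applying Cisco's recommended mitigation.
MITIGATED_CONFIG = """\
hostname edge-rtr-1
!
username netadmin privilege 15 secret 9 REDACTED
!
no ip http server
no ip http secure-server
ip http authentication local
!
"""

# Constructed syslog lines modelled on the message types Cisco's advisory
# says to look for; the account name and IP addresses are made up.
SAMPLE_LOGS = [
    "Oct 16 03:12:07.123: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: cisco_tac_admin] [Source: 203.0.113.7] at 03:12:07 UTC Mon Oct 16 2023",
    "Oct 16 03:12:09.456: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as user on line",
    "Oct 16 03:15:00.000: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: netadmin] [Source: 192.0.2.10] at 03:15:00 UTC Mon Oct 16 2023",
]

# Accounts the operator expects to hold privilege 15 (assumed allowlist).
KNOWN_ADMINS = {"netadmin"}


def http_server_exposure(config):
    """Report whether the web UI is reachable over HTTP and/or HTTPS.

    Per Cisco's advisory, "ip http server" / "ip http secure-server" enable the
    feature unless the matching "...active-session-modules none" line is present.
    """
    lines = {line.strip() for line in config.splitlines()}
    return {
        "http_exposed": "ip http server" in lines
        and "ip http active-session-modules none" not in lines,
        "https_exposed": "ip http secure-server" in lines
        and "ip http secure-active-session-modules none" not in lines,
    }


def unexpected_priv15_users(config, known_admins):
    """List local accounts with privilege 15 that are not on the allowlist."""
    pattern = re.compile(r"^username (\S+) privilege 15\b")
    found = []
    for line in config.splitlines():
        m = pattern.match(line.strip())
        if m and m.group(1) not in known_admins:
            found.append(m.group(1))
    return found


def suspicious_log_events(log_lines, known_admins):
    """Flag web UI logins by unknown users and configuration changes made
    programmatically by the web UI process (SEP_webui_wsma_http)."""
    login = re.compile(
        r"%SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success \[user: ([^\]]+)\] \[Source: ([^\]]+)\]"
    )
    hits = []
    for line in log_lines:
        m = login.search(line)
        if m and m.group(1) not in known_admins:
            hits.append(("webui_login_unknown_user", m.group(1), m.group(2)))
        if "%SYS-5-CONFIG_P" in line and "SEP_webui_wsma_http" in line:
            hits.append(("programmatic_config_via_webui", None, None))
    return hits


def implant_response_indicates_compromise(body):
    """Interpret the body returned by Cisco's implant check (POST to
    /webui/logoutconfirm.html?logon_hash=1): a bare hex string means the
    implant answered. The 8-digit minimum is an assumption for this example."""
    return re.fullmatch(r"[0-9a-fA-F]{8,}", body.strip()) is not None


def assess(config, log_lines, known_admins=KNOWN_ADMINS):
    """Combine the checks into a single report for one device."""
    exposure = http_server_exposure(config)
    return {
        "needs_mitigation": exposure["http_exposed"] or exposure["https_exposed"],
        "unexpected_priv15_users": unexpected_priv15_users(config, known_admins),
        "suspicious_events": suspicious_log_events(log_lines, known_admins),
    }


if __name__ == "__main__":
    for name, cfg in (("vulnerable", VULNERABLE_CONFIG), ("mitigated", MITIGATED_CONFIG)):
        print(name, assess(cfg, SAMPLE_LOGS))
```

The mitigated configuration still reports the login and programmatic-change events from the logs: turning the HTTP Server off closes the door but does not evict an attacker who already created an account or installed the implant, which is why the account and log checks run regardless of the exposure result.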
Cisco's disclosure of a critical zero-day vulnerability in internet-exposed routers highlights the constant threat organizations face. With a CVSS score of 10.0, this vulnerability poses a significant risk to the security and integrity of affected devices.
Experts say that by following Cisco's recommendation and disabling the HTTP Server feature, organizations can reduce their exposure and mitigate potential attacks. Organizations should stay informed about emerging vulnerabilities and take proactive measures to protect their network infrastructure.