Users are recommended to fix the significant security hole reported by Cisco right now.

Attackers are given the keys to the realm through a 10/10 fault.

According to the company, attackers are exploiting a serious flaw in some Cisco devices to take complete administrative control of entire networks.

In a security advisory from its Talos research team, the company urged users to deploy the recently published fix immediately.

Cisco IOS XE software exposed to the public internet has a vulnerability in its web user interface. As a result, a full device takeover is possible on any Cisco endpoint (routers, switches, etc.) that runs the software, has the HTTP or HTTPS server feature enabled, and is reachable from the internet. According to Ars Technica, the vulnerability, which is currently tracked as CVE-2023-20198 and carries the maximum severity rating of 10, affects about 80,000 endpoints.

Releasing malware

According to Cisco Talos’ alert, “successful exploitation of this vulnerability allows an attacker to create an account on the affected device with privilege level 15 access, effectively granting them full control of the compromised device and allowing for potential subsequent unauthorised activity.” This is a serious vulnerability, and we highly advise affected organisations to take the actions suggested in Cisco’s PSIRT advisory right now.

The flaw has reportedly been exploited for at least a month. Who the attackers are, and whom they are targeting, is unknown. What is known is that the attackers were using the issue to inject malware that launches when the web server restarts. The malware cannot survive a reboot, although the local user account they create remains active and lets the attackers repeat the attack if necessary. The issue, according to Ars Technica, is “relatively easy to exploit” and enables attackers to carry out a variety of harmful operations.

Another way to protect your devices is to never enable the HTTP and HTTPS server features on systems that are connected to the internet.
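As an added defender-side example (not code from the article or from Cisco), the following Python check scans a `show running-config` excerpt for the two conditions the article ties to this flaw: the HTTP/HTTPS server feature being enabled, and privilege-15 local accounts that the operator did not create. The sample config, the allowlist and the account names are constructed; `ip http server`, `ip http secure-server` and their `no` forms are standard IOS configuration commands.

```python
import re

# Constructed sample of a `show running-config` excerpt (not a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 <hash-placeholder>
username tmpuser42 privilege 15 secret 9 <hash-placeholder>
username monitor privilege 1 secret 9 <hash-placeholder>
!
ip http server
ip http secure-server
ip http authentication local
!
"""

# Site-specific allowlist: the only privilege-15 accounts that should exist.
EXPECTED_PRIV15 = {"netadmin"}

USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)")


def audit_config(config_text, expected_priv15):
    """Return findings relevant to the web UI exposure described in the article.

    web_ui_enabled   -> True if `ip http server` or `ip http secure-server` is active
    unexpected_priv15 -> privilege-15 local users missing from the allowlist
                         (the advisory says attackers create such an account)
    remediation      -> IOS commands that disable the web UI feature, if needed
    """
    web_ui = False
    unexpected = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # Exact match, so the `no ip http server` form is not counted as enabled.
        if line in ("ip http server", "ip http secure-server"):
            web_ui = True
        m = USER_RE.match(line)
        if m and m.group(2) == "15" and m.group(1) not in expected_priv15:
            unexpected.append(m.group(1))
    remediation = ["no ip http server", "no ip http secure-server"] if web_ui else []
    return {"web_ui_enabled": web_ui, "unexpected_priv15": unexpected, "remediation": remediation}


if __name__ == "__main__":
    for key, value in audit_config(SAMPLE_CONFIG, EXPECTED_PRIV15).items():
        print(f"{key}: {value}")
```

Run it against the output of `show running-config` from each internet-facing IOS XE device; any unexpected privilege-15 account is an indicator that the device should be investigated, not just reconfigured.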
