Posted 10/20/2023, 10:12:28 PM
Over 40,000 Cisco Devices Hacked Using Two Newly Disclosed IOS XE Zero-Days
- Cisco disclosed two new IOS XE zero-days (CVE-2023-20198, CVE-2023-20273) being exploited to deploy malware
- The zero-days allow unauthenticated access and privilege escalation to gain root access on devices
- Over 40,000 Cisco devices already compromised using the unpatched vulnerabilities
- Fixes estimated to be released on October 22; admins urged to disable the HTTP server feature
- CVE-2023-20273 used after CVE-2023-20198 to deploy implants and execute arbitrary commands