Cisco Discloses Actively Exploited Zero-Day Vulnerability Impacting IOS XE Devices
- Cisco disclosed a critical zero-day vulnerability (CVE-2023-20198) being actively exploited in the wild that allows takeover of devices.
- The flaw impacts devices running IOS XE software with the HTTP server feature enabled and exposed to the internet.
- Cisco recommends disabling the HTTP server feature as there is no patch yet.
- Cisco's Talos team found two clusters of related activity exploiting this flaw, starting in September.
- The attackers are creating privileged local accounts and in some cases installing an implant for persistent access.
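
One way to check a saved running-config for the two conditions described above: the HTTP server feature left enabled, and privileged local accounts nobody recognizes. This is an added example, not Cisco or Talos tooling; the sample config, the account names and the `audit_config` helper are constructed for illustration, and "privileged" is assumed to mean privilege level 15.

```python
import re

# Constructed sample of an IOS XE running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$constructed
username helpdesk privilege 1 secret 9 $9$constructed
username svc_tmp privilege 15 secret 9 $9$constructed
!
ip http server
no ip http secure-server
!
line vty 0 4
 transport input ssh
"""

# Global commands that turn the web UI on; a leading "no" means disabled.
HTTP_RE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
# Local accounts defined at the highest privilege level (assumption: 15).
USER_RE = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+15\b")


def audit_config(config_text, known_admins):
    """Return (enabled HTTP features, privilege-15 users not in known_admins)."""
    http_enabled = []
    unknown_admins = []
    for raw in config_text.splitlines():
        if raw[:1].isspace():
            continue  # skip sub-mode lines; both checks are global commands
        line = raw.strip()
        m = HTTP_RE.match(line)
        if m and not m.group(1):
            http_enabled.append(m.group(2))
        m = USER_RE.match(line)
        if m and m.group(1) not in known_admins:
            unknown_admins.append(m.group(1))
    return http_enabled, unknown_admins


if __name__ == "__main__":
    http, users = audit_config(SAMPLE_CONFIG, known_admins={"netadmin"})
    for feature in http:
        print(f"HTTP feature enabled: ip http {feature} -> apply 'no ip http {feature}'")
    for user in users:
        print(f"Unrecognized privilege 15 account: {user}")
```

A clean result from this check only covers what is visible in the configuration; it says nothing about whether an implant is present on the device.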