Cisco Discloses Actively Exploited Zero-Day Vulnerability Impacting IOS XE Devices

Cisco disclosed a critical zero-day vulnerability (CVE-2023-20198) being actively exploited in the wild that allows takeover of devices.

The flaw impacts devices running IOS XE software with the HTTP server feature enabled and exposed to the internet.

Cisco recommends disabling the HTTP server feature as there is no patch yet.

Cisco's Talos team found two clusters of related activity exploiting this flaw, starting in September.

The attackers are creating privileged local accounts and in some cases installing an implant for persistent access.