Cisco IOS XE Web UI Privilege Escalation Vulnerability; Sandworm Targets Ukrainian Telecom

tap 20 - 2023

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability Exploited in the Wild  

On October 16, 2023, Cisco warned of a critical (CVSS base score 10.0) privilege escalation vulnerability in the web UI feature of IOS XE software, tracked as CVE-2023-20198 [1]. The flaw is reachable only when the HTTP or HTTPS server feature is enabled and the web UI is exposed to the attacker. Successful exploitation lets an unauthenticated remote attacker create a local account with privilege level 15, the highest privilege level on IOS XE, which grants full administrative control of the device and lets the attacker change its configuration and deploy further tooling.

At the time of reporting no fixed software was available. Cisco's interim recommendation is to disable the HTTP server feature on internet-facing devices (`no ip http server` and `no ip http secure-server`) or to restrict web UI access to trusted management hosts. Until devices are patched or the web UI is removed from exposed interfaces, threat actors will very likely increasingly exploit CVE-2023-20198 to obtain initial access to victim networks.

According to OSINT data from Shodan, more than 143,000 publicly exposed Cisco IOS XE web UI instances are potentially vulnerable to CVE-2023-20198. Shadowserver [2] reports that over 32,000 Cisco IOS XE IPs are compromised with implants, based on the check published by Cisco [3].

CERT Orange discovered 34.5 thousand Cisco IOS XE devices with malicious implants [4], and released a Python script to check for the implant on a running Cisco IOS XE network device [5].
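The check referenced above is an unauthenticated POST to the web UI: on an implanted device the response body is a bare hexadecimal string instead of the normal HTML page. The following Python script is an added example written for this page; it is neither Cisco's published check [3] nor CERT Orange's script [5]. It assumes the request path and the hex-string criterion as Cisco described them, and the sample responses are constructed, not captured from real devices.

```python
import re
import ssl
import urllib.error
import urllib.request

# Cisco's published check: an unauthenticated POST to this path on an
# implanted device returns a bare hexadecimal string instead of the
# normal web UI HTML response.
IMPLANT_CHECK_PATH = "/webui/logoutconfirm.html?logon_hash=1"

# A body that is nothing but hex digits (optionally surrounded by whitespace).
_HEX_BODY = re.compile(r"^\s*[0-9a-fA-F]+\s*$")


def looks_like_implant_response(body: str) -> bool:
    """Return True if the response body matches the implant's signature.

    A clean device answers with HTML (or a redirect / error page); the
    implant answers with a short hexadecimal token and nothing else.
    """
    if not body:
        return False
    return _HEX_BODY.match(body) is not None


def check_device(host: str, timeout: float = 5.0) -> tuple:
    """POST the check request to one device and classify the answer.

    Returns (implant_present, detail). TLS verification is disabled on
    purpose, as with `curl -k`, because IOS XE web UIs almost always use
    self-signed certificates. Network errors are reported, not raised,
    so a scan over a list of hosts keeps going.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    url = f"https://{host}{IMPLANT_CHECK_PATH}"
    req = urllib.request.Request(url, data=b"", method="POST")
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            body = resp.read(4096).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as exc:
        # A 4xx/5xx still carries a body; classify it like any other answer.
        body = exc.read(4096).decode("utf-8", errors="replace")
    except (urllib.error.URLError, OSError, ValueError) as exc:
        return False, f"request failed: {exc}"
    if looks_like_implant_response(body):
        return True, f"implant token: {body.strip()}"
    return False, "no implant signature in response"


# Constructed sample responses (not captured from real devices) showing
# what the classifier does with each kind of answer.
SAMPLE_RESPONSES = {
    "implanted": "0123456789abcdef01",
    "clean_html": "<!DOCTYPE html><html><head><title>Cisco IOS XE</title>",
    "empty": "",
    "hex_in_html": "<p>0123456789abcdef01</p>",
}


def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: looks_like_implant_response(body)
            for name, body in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    import sys
    for name, verdict in classify_samples().items():
        print(f"{name:12s} -> implant={verdict}")
    # Usage: python check_implant.py 192.0.2.10 192.0.2.11 ...
    for host in sys.argv[1:]:
        present, detail = check_device(host)
        print(f"{host}: {'IMPLANT' if present else 'clean/unknown'} ({detail})")
```

Run the script only against devices you are authorised to test. Treat a negative result as inconclusive rather than as proof of a clean device: the check only detects the implant's response behaviour, so a device whose implant was removed or altered, or that was exploited only to add the privilege-15 account, will answer normally. Reviewing the local user database and the running configuration of every exposed device remains necessary.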
