Cisco zero-day bug allows router hijacking and is being actively exploited Cisco users' weeks have started badly with a warning that a critical zero-day bug in the networking giant's IOS XE software that allows criminals to hijack devices has been exploited in the wild. The vulnerability, CVE-2023-20198, received a (im)perfect 10 CVSS severity rating from the networking giant, and Cisco is yet to …
"any switch, router or WLC running IOS XE and has the web UI exposed to the internet is vulnerable"
Seems wierd that anyone would expose a routers admin UI to the Internet. Even if you did it by accident you would immediately get a lot of traffic flagged as bots target you.
>>...unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks,
So there isn't a vulnerability when exposed to trusted networks?
The vulnerability doesn't go away just becasue you are connected to not("The Internet" or "untrusted network") - its still there and exploitable if the services are running.
WTAF is a "trusted network" these days anyway? I thought the idea was to assume everything is a threat - you never know when a trojan might be present on your intranet and happily creating level 15 access to your routers becasue you truted the intranet.
Cisco should spend less time trying to stop business re-selling heir kit and focus on making their equipment more resilient. This is not the first, and wont be the last, CVE we will see.
Like all of the big software vendors they don't stop to remove the bloat and just keep patching in knee-jerk mode. Microsoft, Adobe are you listening?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
