Cisco Unveils Zero-Day Exploits and Pledges Swift Fixes for Thousands of Devices

Cisco has issued a warning about a zero-day flaw in its IOS XE software that has been actively exploited by unknown threat actors to deploy a malicious Lua-based implant on vulnerable devices. The flaw, tracked as CVE-2023-20273, allows for privilege escalation through a web UI feature and has been used in conjunction with another vulnerability, CVE-2023-20198, to create an exploit chain. Cisco has identified a fix for both vulnerabilities, which will be available to customers starting October 22, 2023. In the meantime, it is recommended to disable the HTTP server feature. Over 41,000 Cisco devices running the vulnerable software are estimated to have been compromised, primarily affecting smaller entities and individuals.

- Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices (The Hacker News)
- Cisco discloses new IOS XE zero-day exploited to deploy malware implant (BleepingComputer)
- Cisco Finds New Zero Day Bug, Pledges Patches in Days (DARKReading)
- Cisco IOS XE Attacks: 7 Biggest Unanswered Questions (CRN)
- Over 40,000 Cisco devices exploited with the latest zero-day vulnerability (CSO Online)