Cisco Patches Two Dangerous Zero-Day Vulnerabilities


The vulnerabilities, one rated critical and one rated high severity, affect Cisco IOS XE software.


Cisco has patched two zero-day vulnerabilities in Cisco IOS XE software that exposed hosts running it to attackers. The vulnerabilities affected devices running Cisco IOS XE software, such as routers and switches.

The update, including the patches, is available at Cisco’s software download portal. Customers who do not have a Cisco service contract or cannot obtain fixed software through their third-party vendors can contact Cisco support.


Cisco Threat Intelligence Group releases fixes and new curl command for IOS XE vulnerability

Fixes for CVE-2023-20198 and CVE-2023-20273 started to roll out on October 22, the Cisco Talos Intelligence Group wrote in a threat advisory updated on October 23.

The fixes appear in the 17.9.4a update to the 17.9 Cisco IOS XE software release train, according to the U.S. Cybersecurity & Infrastructure Security Agency.

CVE-2023-20198 allowed attackers to exploit a vulnerability in the Web UI of Cisco IOS XE software to gain privilege level 15 access. CVE-2023-20273 allowed an attacker with privilege level 15 access to inject commands with root privileges. In the Common Vulnerability Scoring System, CVE-2023-20198 is rated critical, and CVE-2023-20273 is rated high severity.

On October 22, Cisco provided a new curl command to check for infected devices. The curl command can be found in the threat advisory.

On October 23, the Cisco Talos Intelligence Group identified an updated version of the implant that allows the attackers to execute arbitrary commands at the system level or IOS level (Figure A). The fixes address the updated version of the implant. This updated implant, together with Fox-IT’s discovery that attackers may have hidden themselves over the last few days, shows that the vulnerability is still being exploited.

Figure A: The updated malicious implant used as part of the exploitable vulnerability. Image: Cisco Talos Intelligence Group

The IOS XE vulnerabilities were first discovered on September 28

Cisco first began to suspect something was wrong on…

Source…