What should you know about CISCO’s high-severity zero-day vulnerabilities?

More than 40,000 devices were affected by the Cisco zero-day vulnerabilities CVE-2023-20198 and CVE-2023-20273, disrupting the operations of many businesses worldwide. SharkStriker shows a way to be prepared against them.

CVE-2023-20198 – Cisco’s maximum-severity zero-day vulnerability

Cisco has issued an alert over a critical zero-day vulnerability detected in its IOS XE software range. The vulnerability targets systems that have the HTTP/HTTPS server feature turned on. More than 40,000 Cisco devices are now affected by this vulnerability, with 10,000 Cisco devices found with an implant for arbitrary code execution. The critical vulnerability CVE-2023-20198 is assigned a severity rating of 10, the highest rating on the CVSS vulnerability severity scale. It is present in the Web UI component of IOS XE software. The vulnerability allows privilege escalation that lets an attacker gain full control of the system on which the malware has been implanted. In other words, attackers can exploit this vulnerability to hijack a Cisco router and take control of it. The countries most affected by this vulnerability include the US, the Philippines, Mexico, Chile, and India. Here are some facts about the vulnerability:

- More than 6,509 hosts were affected in the US alone
- There was a 40% jump in the number of hosts affected within 24 hours of detection
- Earlier, Cisco had issued an alert for the high-severity vulnerability CVE-2023-44487

The attackers exploited the devices by creating new accounts on them and gaining root control of the system using Lua-based implants that allow them to execute arbitrary commands. According to Cisco, attackers first exploited the IOS XE command injection vulnerability tracked as CVE-2021-1435 to deploy the implant, but Cisco found that additional zero-day vulnerabilities had enabled attackers to compromise systems already patched against that vulnerability. Cisco later confirmed another zero-day vulnerability, tracked as CVE-2023-20273. Cisco’s official advisory stated:

“The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging another new local user to elevate privilege to root and write the implant to the file system.” Cisco added that CVE-2021-1435 is no longer exploited to orchestrate these attacks.

More than 40,000 devices were affected in this massive zero-day exploitation, in which attackers gained full control of the system by injecting it with malware.

The vulnerabilities, grouped under Cisco bug ID CSCwh87343, were found in Cisco devices running IOS XE software. CVE-2023-20273 has been assigned a maximum severity score of 10, whereas CVE-2023-20198 is assigned 7.2. SharkStriker identifies and implements security measures to proactively assist its customers and partners worldwide in mitigating the effects of these vulnerabilities.
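The attack chain above hinges on two things a defender can check in a running configuration: whether the Web UI (HTTP/HTTPS server) is exposed at all, and whether an unexpected privilege 15 local user has appeared. The following added example (not SharkStriker’s or Cisco’s own tooling) audits a constructed IOS XE config excerpt for both and emits the disabling commands; the set of known administrator accounts is an assumption you would replace with your own inventory.

```python
import re

# Constructed sample running-config excerpt (not from the page or any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$REDACTED
username svc_backup privilege 15 secret 9 $9$REDACTED
username monitor privilege 1 secret 9 $9$REDACTED
!
ip http server
ip http secure-server
ip http authentication local
!
"""

# Assumption: the documented set of legitimate level-15 accounts on this device.
KNOWN_ADMINS = {"netadmin"}

# Matches "username <name> privilege <n> ..." lines from "show running-config".
USERNAME_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")


def audit_config(config, known_admins):
    """Flag an exposed Web UI and privilege-15 users not in the known-admin list."""
    findings = {"http_server": False, "https_server": False, "unexpected_priv15": []}
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ip http server":
            findings["http_server"] = True
        elif line == "ip http secure-server":
            findings["https_server"] = True
        m = USERNAME_RE.match(line)
        if m and int(m.group(2)) == 15 and m.group(1) not in known_admins:
            findings["unexpected_priv15"].append(m.group(1))
    return findings


def remediation_commands(findings):
    """Config-mode commands that turn off the HTTP/HTTPS server feature if it is on."""
    cmds = []
    if findings["http_server"]:
        cmds.append("no ip http server")
    if findings["https_server"]:
        cmds.append("no ip http secure-server")
    return cmds


if __name__ == "__main__":
    result = audit_config(SAMPLE_CONFIG, KNOWN_ADMINS)
    print(result)
    print(remediation_commands(result))
```

An unexpected privilege 15 account is a reason to treat the device as compromised and investigate, not merely to delete the user.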

To ensure that their IT environment is secure, we have engaged in round-the-clock security.
