
10,000 Cisco network devices backdoored through unpatched 0-day


Alex Atkin UK:
Meant to post this last week.

https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/


--- Quote ---The previously unknown vulnerability, which is tracked as CVE-2023-20198, carries the maximum severity rating of 10. It resides in the Web User Interface of Cisco IOS XE software when exposed to the Internet or untrusted networks. Any switch, router, or wireless LAN controller running IOS XE that has the HTTP or HTTPS Server feature enabled and exposed to the Internet is vulnerable. On Monday, the Shodan search engine showed that as many as 80,000 Internet-connected devices could be affected.
--- End quote ---

Although quite why any of these devices would have the web UI exposed to the Internet to begin with is beyond me.

dee.jay:

--- Quote ---Any switch, router, or wireless LAN controller running IOS XE that has the HTTP or HTTPS Server feature enabled and exposed to the Internet is vulnerable.
--- End quote ---

From looking at the documentation (https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/https/configuration/xe-17/https-xe-17-book/HTTP_1-1_Web_Server_and_Client.html):


--- Quote ---The HTTP/HTTPS server is disabled by default.
--- End quote ---

Most engineers worth their salt would leave it that way, too.

XGS_Is_On:
Nothing wrong with using a GUI if it's convenient and appropriate :)

Having that GUI reachable from untrusted sources not so much.
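
An added example, not part of any post in this thread: a Python check that reads IOS XE running-config text and reports whether the HTTP or HTTPS server feature named in the quoted article is enabled, and whether an `ip http access-class` restriction is present. The sample configs, hostnames and ACL name are constructed, and treating a missing line as disabled is an assumption taken from the documentation quote above.

```python
import re

# Constructed running-config excerpts (not from any real device).
SAMPLES = {
    "edge-rtr-1": "hostname edge-rtr-1\nip http server\nip http secure-server\n",
    "core-sw-1": "hostname core-sw-1\nno ip http server\nno ip http secure-server\n",
    "wlc-1": ("hostname wlc-1\nno ip http server\nip http secure-server\n"
              "ip http access-class ipv4 MGMT-ONLY\n"),
}

SERVER_RE = re.compile(r"(no )?ip http (server|secure-server)")
ACL_RE = re.compile(r"ip http access-class (?:ipv4 |ipv6 )?(\S+)")


def audit_web_ui(config: str) -> dict:
    """Report the web UI state found in one running-config."""
    # Assumption: a config with neither line is treated as disabled,
    # following the "disabled by default" documentation quote.
    state = {"http": False, "https": False, "access_class": None}
    for raw in config.splitlines():
        line = raw.strip()
        m = SERVER_RE.fullmatch(line)
        if m:
            key = "http" if m.group(2) == "server" else "https"
            state[key] = m.group(1) is None  # a leading "no " disables it
            continue
        m = ACL_RE.fullmatch(line)
        if m:
            state["access_class"] = m.group(1)

    if not (state["http"] or state["https"]):
        state["finding"] = "disabled"
    elif state["access_class"]:
        # The ACL contents still need review; this only shows one is applied.
        state["finding"] = "enabled-restricted"
    else:
        # Config alone cannot show reachability; check it from outside.
        state["finding"] = "enabled-unrestricted"
    return state


def audit_all(configs: dict) -> dict:
    """Map each device name to its finding string."""
    return {name: audit_web_ui(cfg)["finding"] for name, cfg in configs.items()}


if __name__ == "__main__":
    for device, finding in audit_all(SAMPLES).items():
        print(f"{device}: {finding}")
```

A device flagged `enabled-unrestricted` is the case the thread is describing only if the management interface is also reachable from an untrusted network, which has to be confirmed separately.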
