Tuesday, 17 October 2023

Cisco IOS XE Escalation of Privilege Vulnerability

Release Date: 17 Oct 2023

RISK: Extremely High Risk

TYPE: Operating Systems - Networks OS

TYPE: Networks OS

A vulnerability was identified in Cisco IOS XE. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system.

 

Note:
CVE-2023-20198 is being exploited in the wild.

Cisco is aware of active exploitation of a previously unknown vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

The web UI and management services should not be exposed to the internet or to untrusted networks.

 

[Updated at 2023-10-17]

No patch is currently available for CVE-2023-20198.


Impact

  • Elevation of Privilege

System / Technologies affected

  • Cisco IOS XE

Solutions

Please visit the vendor web-site for more details.

Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems. To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode. If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.
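One way to check saved device configurations against this recommendation, as an added Python example that is not part of the advisory or of Cisco's tooling. It assumes that a global-configuration line "ip http server" or "ip http secure-server" means that listener is enabled, and that a "no" form or a missing line means it is not; the device names and sample configurations are constructed.

```python
# Added example: audit saved IOS XE running-configs for the HTTP Server feature.
# Assumption: a global-config line "ip http server" / "ip http secure-server"
# means that listener is enabled; a "no ..." line or no line means it is not.

HTTP_COMMANDS = ("ip http server", "ip http secure-server")

# Constructed sample configs (hostnames and contents are made up).
SAMPLE_CONFIGS = {
    "edge-rtr-1": "hostname edge-rtr-1\nip http server\nip http secure-server\n",
    "edge-rtr-2": "hostname edge-rtr-2\nno ip http server\nip http secure-server\n",
    "core-sw-1": "hostname core-sw-1\nno ip http server\nno ip http secure-server\n",
    "lab-rtr-9": "hostname lab-rtr-9\ninterface Gi0/0\n description ip http server\n",
}


def commands_to_disable(config_text):
    """Return the 'no ...' commands still needed to disable the HTTP Server feature."""
    enabled = dict.fromkeys(HTTP_COMMANDS, False)
    for raw in config_text.splitlines():
        if raw[:1].isspace():          # indented = sub-mode line, not global config
            continue
        line = " ".join(raw.split())   # normalise spacing
        negated = line.startswith("no ")
        command = line[3:] if negated else line
        if command in enabled:
            enabled[command] = not negated   # the last occurrence wins
    return ["no " + cmd for cmd in HTTP_COMMANDS if enabled[cmd]]


def audit_fleet(configs):
    """Map each device name to its remediation commands; compliant devices are omitted."""
    report = {}
    for name, text in configs.items():
        needed = commands_to_disable(text)
        if needed:
            report[name] = needed
    return report


if __name__ == "__main__":
    for device, cmds in audit_fleet(SAMPLE_CONFIGS).items():
        print(f"{device}: HTTP Server feature enabled; in global configuration mode run:")
        for cmd in cmds:
            print(f"  {cmd}")
```

A device that runs both the HTTP and HTTPS servers is reported with both commands, matching the advisory's statement that both are required in that case.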


Vulnerability Identifier


Source


Related Link
