【Vulnerability Alert】Cisco IOS XE High-Risk Security Vulnerability (CVE-2023-20198): Remote Attackers Can Gain Control Without Authentication. Please Refer to Official Recommendations for Immediate Action.

Publish date: 2023-10-24
Update date: 2024-04-15

Source: Ministry of Education Information & Communication Security Contingency Platform

Publication Number: TACERT-ANA-2023102301103535
Publication Time: 2023/10/23 13:07
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2023/10/23 13:07
Impact Level: Medium
[Subject]
【Vulnerability Alert】Cisco IOS XE High-Risk Security Vulnerability (CVE-2023-20198): Remote Attackers Can Gain Control Without Authentication. Please Refer to Official Recommendations for Immediate Action.
[Content]
Forwarded from the National Institute of Cyber Security, NISAC-200-202310-00000022.

Researchers have discovered a high-risk security vulnerability (CVE-2023-20198) in the web interface of Cisco IOS XE. This vulnerability allows remote attackers to create a Level 15 high-privilege account without authentication, enabling them to gain control over the affected system. This vulnerability is actively being exploited by hackers. Official patches are under development, and updates will be provided on the official website.

Information Sharing Level: WHITE (Information that can be publicly disclosed).
[Affected Platform]
 All Cisco IOS XE devices with the web interface (Web UI) enabled are vulnerable.
[Recommended Actions]
At present, Cisco has not released a patch but has issued recommendations. Please refer to the "Recommendations" section on Cisco's official website. It is advised to disable the HTTP Server functionality or allow HTTP/HTTPS connections only from trusted devices. For more information, visit: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z#REC
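
The following is an added example, not part of the original notice or of Cisco's advisory: a small offline check that reads a saved IOS XE running-config and flags the conditions this alert is about, namely a web UI left enabled without a source restriction and Level 15 local accounts nobody expects. The sample configurations, host names, account names and the `expected_admins` parameter are constructed for illustration, and the check assumes accounts are defined on a single `username ... privilege 15` line.

```python
import re

# Constructed sample running-config excerpts (not from a real device).
SAMPLE_EXPOSED = """\
hostname edge-rtr-01
username admin privilege 15 secret 9 $9$constructed
username svc_tmp privilege 15 secret 9 $9$constructed
ip http server
ip http secure-server
"""

SAMPLE_RESTRICTED = """\
hostname edge-rtr-02
username admin privilege 15 secret 9 $9$constructed
no ip http server
ip http secure-server
ip http access-class ipv4 MGMT-ONLY
"""


def audit_webui(config, expected_admins):
    """Return a list of findings for one IOS XE running-config text."""
    lines = [ln.strip() for ln in config.splitlines()]
    # Exact-line match, so "no ip http server" is not counted as enabled.
    http = "ip http server" in lines
    https = "ip http secure-server" in lines
    # Covers both "ip http access-class <acl>" and "... ipv4 <acl>".
    restricted = any(ln.startswith("ip http access-class ") for ln in lines)
    findings = []
    if (http or https) and not restricted:
        findings.append("web UI enabled with no access-class restriction")
    if http:
        findings.append("plain HTTP server enabled")
    # Level 15 local accounts that are not on the expected list need review.
    for ln in lines:
        m = re.match(r"username (\S+) privilege 15\b", ln)
        if m and m.group(1) not in expected_admins:
            findings.append(f"unexpected privilege 15 account: {m.group(1)}")
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("restricted", SAMPLE_RESTRICTED)):
        print(name, audit_webui(cfg, expected_admins={"admin"}))
```

An empty result only means these configuration lines look as intended; it does not show that a device was never accessed, and an access-class is only as good as the ACL it names.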
[Reference]
 1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
 2. https://nvd.nist.gov/vuln/detail/CVE-2023-20198
 3. https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/
 4. https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit
 5. https://www.ithome.com.tw/news/159338
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center