Patch arrives for Cisco's IOS XE

2023-10-23

Second vulnerability disclosed.

Cisco has announced a fix for a vulnerability in its IOS XE software that allowed attackers to create privileged accounts on vulnerable devices.

The vendor said last week that the vulnerability was under exploitation by attackers, and promised to update customers when a patch was available.

On October 22, it updated its advisory to confirm a patch is now available.

At the same time, the company also expanded the scope of the advisory.

In addition to the original vulnerability, CVE-2023-20198, Cisco’s investigation revealed a second zero-day bug used in the attacks, designated CVE-2023-20273.

The attackers utilised the account they created using CVE-2023-20198 to exploit CVE-2023-20273.

“The attacker then exploited [CVE-2023-20273] leveraging the new local user to elevate privilege to root and write the implant to the file system,” the updated advisory said.

Users unable to upgrade can disable the web UI.

Fixes have been released for IOS XE versions 17.9, 17.6, 17.3, and for Catalyst 2650 and 3850 units, 16.12.

IOS XE is a Linux-based variant of Cisco’s IOS operating system, and is used in a variety of switch, router, and virtual router products.
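For administrators checking the web UI workaround, the following is an added example (not from the article or from Cisco) that audits a saved running-config for explicitly enabled web UI services and for privilege-15 local accounts outside an expected list. It assumes the standard IOS XE `ip http server` / `ip http secure-server` configuration lines; the sample config, usernames and allow-list are constructed.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-sw-01
!
username netadmin privilege 15 secret 9 $9$constructed
username tmp_support privilege 15 secret 9 $9$constructed
username readonly privilege 1 secret 9 $9$constructed
!
no ip http server
ip http secure-server
ip http authentication local
!
"""

# Matches only the two lines that switch the HTTP/HTTPS web UI on or off.
HTTP_RE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)(.*)$")
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b")


def audit_config(config_text, expected_admins):
    """Return (enabled web UI services, unexpected privilege-15 usernames).

    Only explicit config lines are evaluated; platform defaults for a
    missing line are not guessed (assumption of this example).
    """
    state = {}        # service name -> True if enabled (last line wins)
    unexpected = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HTTP_RE.match(line)
        if m:
            state[m.group(2)] = m.group(1) is None
            continue
        m = USER_RE.match(line)
        if m:
            priv = PRIV_RE.search(m.group(2))
            if priv and int(priv.group(1)) == 15 and m.group(1) not in expected_admins:
                unexpected.append(m.group(1))
    enabled = sorted(name for name, on in state.items() if on)
    return enabled, unexpected


if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG, expected_admins={"netadmin"}))
```

An empty first list means neither web UI service is explicitly enabled; any name in the second list is a privileged local account that should be traced to a change record.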

Copyright © iTnews.com.au . All rights reserved.