SECURITY ALERTS

Multiple Vulnerabilities (CVE-2023-20198) Exist in Cisco IOS XE Software Web UI Feature that Allow Remote Attackers to Gain Control of the Affected System Without Authentication

DESCRIPTION:
Researchers have discovered a high-risk security vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software that allows remote attackers to create a high-privilege (level 15) account without authentication and use it to take control of the affected system. The vulnerability is being actively exploited by attackers, and official patches are in progress. For further updates, please refer to the official website.

AFFECTED RELEASES:
These vulnerabilities affect devices running Cisco IOS XE Software with the web UI feature enabled, including switches, wireless controllers, wireless access points, and routers.

SOLUTION:
Cisco has not yet officially released a software update and currently provides only recommended actions. Please refer to the 'Recommendations' section on the official Cisco website, which suggests disabling the HTTP Server function or allowing only trusted devices to establish HTTP/HTTPS connections. You can find more information at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z#REC
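
The following Python check is an added example, not part of the original alert or of Cisco's advisory. It audits a saved running-config for the two recommended actions (HTTP/HTTPS server disabled, or access limited by an access class) and lists level 15 accounts that are not on an allowlist. The IOS XE command strings are Cisco CLI commands that this page does not quote; the sample config, account names and the `audit_config` helper are constructed for illustration, and treating `active-session-modules none` as disabling a listener is an assumption taken from Cisco's guidance.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 $9$constructed
username tmp_user1 privilege 15 secret 9 $9$constructed
username readonly privilege 1 secret 9 $9$constructed
ip http server
ip http active-session-modules none
ip http secure-server
!
ip access-list standard MGMT-ONLY
 permit 10.0.0.0 0.0.0.255
"""

def audit_config(config_text, expected_admins):
    """Audit one running-config for web UI exposure and level 15 accounts."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    # Assumption: a listener counts only if its session modules are not "none".
    http = ("ip http server" in lines
            and "ip http active-session-modules none" not in lines)
    https = ("ip http secure-server" in lines
             and "ip http secure-active-session-modules none" not in lines)
    # An ACL only helps if it is applied to the HTTP server, not just defined.
    acl = None
    for ln in lines:
        m = re.match(r"ip http access-class (?:ipv[46] )?(\S+)$", ln)
        if m:
            acl = m.group(1)
    if not (http or https):
        status = "disabled"
    elif acl:
        status = "restricted"
    else:
        status = "exposed"
    # Local accounts at privilege level 15 that are not on the allowlist.
    admins = [m.group(1) for ln in lines
              if (m := re.match(r"username (\S+) .*\bprivilege 15\b", ln))]
    unexpected = sorted(set(admins) - set(expected_admins))
    return {"http": http, "https": https, "acl": acl,
            "status": status, "unexpected_admins": unexpected}

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG, expected_admins={"netadmin"}))
```

In the sample, the ACL `MGMT-ONLY` is defined but never applied to the HTTP server, so the HTTPS listener is still reported as exposed.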

REFERENCE:
1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
2. https://nvd.nist.gov/vuln/detail/CVE-2023-20198
3. https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/
4. https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit
5. https://www.ithome.com.tw/news/159338
