CVE-2023-20198 has been assigned a CVSS Score of 10.0.Cisco has assigned CVE-2023-20273 to this issue. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. This allowed the user to log in with normal user access. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. Our investigation has determined that the actors exploited two previously unknown issues. Fix information can be found in the Fixed Software section of this advisory. We are updating our list of products confirmed not vulnerable.Ĭisco will update the advisory as additional releases post to Cisco Software Download Center. Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |