Cisco has patched two zero-day vulnerabilities that exposed the Cisco IOS XE system software hosts to attackers. The vulnerabilities impacted devices running the Cisco IOS XE software, including routers and switches. The update, including the patches, is available on Cisco’s software download portal.
Cisco’s Threat Intelligence Group released the fixes and they started to roll out on October 22. The first are for CVE-2023-20198, which allowed attackers to exploit a vulnerability in the Web UI of Cisco IOS XE to gain privilege level 15 access. The second fix targeted CVE-2023-20273, which allowed an attacker with level 15 access to inject commands with root privileges. CVE-2023-20198 is rated critical and CVE-2023-20273 is rated high severity in the Common Vulnerability Scoring System. If attackers were to take advantage of these vulnerabilities, they could monitor network traffic, inject and redirect network traffic, breach protected network segments and lurk in the network.
Read More: Cisco Patches Two Dangerous Zero-Day Vulnerabilities