Cisco published an advisory on Monday detailing an unpatched critical vulnerability impacting its IOS XE software. The zero-day is under active exploitation and was assigned a 10.0 on the CVSS scoring system.
The vulnerability enables attackers to create accounts with level 15 access and exercise complete control over compromised systems. The zero-day impacts physical and virtual devices running Cisco IOS XE software with the HTTP or HTTPS server feature enabled. Cisco recommends that users disable the HTTP server feature on all internet-facing systems. Cisco observed two clusters of suspicious activity in which seemingly authorized users created new local user accounts named “cisco_tac_admin” and “cisco_support” on customer devices. The attacker then deployed a Lua-based implant to execute arbitrary commands. CISA issued an advisory and added the bug to its Known Exploited Vulnerabilities list.
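An added example, not taken from Cisco's advisory or the linked article: a Python check that reads an exported running configuration and flags the HTTP/HTTPS server feature, the two account names reported above, and every level 15 local account. It assumes the standard IOS XE `ip http server`, `ip http secure-server` and `username ... privilege` configuration lines; the sample configuration is constructed.

```python
import re

# Account names the article reports being created on customer devices.
REPORTED_ACCOUNTS = {"cisco_tac_admin", "cisco_support"}

# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$constructed
username cisco_support privilege 15 secret 9 $9$constructed
username readonly secret 9 $9$constructed
!
no ip http server
ip http secure-server
!
"""

def audit_config(text):
    """Return findings for one IOS XE running-config supplied as text."""
    http_on = {"ip http server": False, "ip http secure-server": False}
    users = []
    for raw in text.splitlines():
        line = raw.strip()
        # Exact match only, so "no ip http server" is not counted as enabled.
        if line in http_on:
            http_on[line] = True
        m = re.match(r"username (\S+)(.*)", line)
        if m:
            priv = re.search(r"\bprivilege (\d+)", m.group(2))
            # A username line without the keyword gets privilege level 1.
            users.append((m.group(1), int(priv.group(1)) if priv else 1))
    return {
        "web_ui_enabled": sorted(k for k, v in http_on.items() if v),
        "reported_accounts": sorted(
            u for u, _ in users if u.lower() in REPORTED_ACCOUNTS),
        "level15_accounts": sorted(u for u, p in users if p == 15),
    }

if __name__ == "__main__":
    for key, value in audit_config(SAMPLE_CONFIG).items():
        print(f"{key}: {value or 'none'}")
```

Compare `level15_accounts` against the list of administrators you expect on the device, since an attacker-created account need not use either reported name.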
Read More:
https://thehackernews.com/2023/10/warning-unpatched-cisco-zero-day.html