CVE-2023-20198
Cisco IOS XE Web UI Privilege Escalation Vulnerability
CVSS
—
Sin CVSS
EPSS
99.6%
p100
KEV
SÍ
16 oct 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Cisco / IOS XE Web UI
Vulnerabilidad
Cisco IOS XE Web UI Privilege Escalation Vulnerability
Añadido a KEV
16 oct 2023
Remediar antes de
20 oct 2023
Uso conocido en ransomware
No
Descripción resumida
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.
Acción requerida
Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
Notas
https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20198
Sin CVEs relacionados por CWE o producto.