Fortra’s Alert Logic is actively researching a critical vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability, CVE-2023-20198, allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.
Who is affected?
Any customer running Cisco IOS XE Software is affected if the web UI feature (the HTTP or HTTPS server) is enabled, and the risk is highest where that interface is reachable from the internet or from untrusted networks. For more information on determining whether the web UI feature is enabled, refer to Cisco's Security Advisory.
What can I do?
Cisco has begun releasing fixed software for this vulnerability. As of October 23, 2023, a fixed release is available for the Cisco IOS XE 17.9 train as version 17.9.4a. Fixed releases for the remaining affected trains are planned. For more information, refer to Cisco's update.
If you are unable to update, Cisco strongly recommends disabling the HTTP Server feature on all internet-facing systems. For more information on disabling the HTTP Server feature, refer to Cisco’s Security Advisory.
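The check for an enabled web UI and the workaround of disabling the HTTP Server feature both come down to a few lines of running configuration. The following is an added example, not code from Alert Logic or Cisco: it takes a constructed excerpt of `show running-config` output, reports whether the HTTP and HTTPS listeners are enabled in the way Cisco's advisory describes (the presence of `ip http server` or `ip http secure-server`), and produces the matching `no ip http server` / `no ip http secure-server` commands. The two configuration samples are constructed for illustration. The session-modules check follows Cisco's advisory as the author of this example understands it and should be confirmed against the current advisory text before relying on it.

```python
import re

# Constructed excerpt of `show running-config` output from an exposed device
# (sample data, not from a real device).
SAMPLE_CONFIG_EXPOSED = """\
hostname edge-rtr-01
ip http server
ip http secure-server
ip http authentication local
"""

# Constructed excerpt after the workaround has been applied.
SAMPLE_CONFIG_REMEDIATED = """\
hostname edge-rtr-01
no ip http server
no ip http secure-server
"""

# Exact config lines, matched whole so that `ip http server` does not also
# match `ip http secure-server` or the `no ip http server` form.
HTTP_LINE = "ip http server"
HTTPS_LINE = "ip http secure-server"
# Assumption (per Cisco's advisory as understood here): when both of these are
# present, the web UI is not reachable over HTTP/HTTPS even though the
# listeners are enabled.
SESSION_MODULES_NONE = {
    "ip http active-session-modules none",
    "ip http secure-active-session-modules none",
}


def webui_status(running_config: str) -> dict:
    """Summarise the HTTP Server feature state from a running-config dump.

    Returns which listeners are enabled, whether the web UI is considered
    enabled (either listener present), and whether both active-session-module
    settings are `none`.
    """
    lines = {ln.strip() for ln in running_config.splitlines()}
    http = HTTP_LINE in lines
    https = HTTPS_LINE in lines
    modules_disabled = SESSION_MODULES_NONE.issubset(lines)
    return {
        "http": http,
        "https": https,
        "webui_enabled": http or https,
        "session_modules_none": modules_disabled,
    }


def remediation_commands(status: dict) -> list:
    """Configuration-mode commands that disable whichever listeners are on."""
    cmds = []
    if status["http"]:
        cmds.append("no " + HTTP_LINE)
    if status["https"]:
        cmds.append("no " + HTTPS_LINE)
    return cmds


def triage(running_config: str) -> str:
    """One-line verdict suitable for a fleet-wide sweep of config backups."""
    status = webui_status(running_config)
    if not status["webui_enabled"]:
        return "web UI disabled: no action required"
    if status["session_modules_none"]:
        return "listeners enabled but session modules set to none: verify against Cisco advisory"
    return "web UI enabled: apply " + "; ".join(remediation_commands(status))


if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_CONFIG_EXPOSED),
                      ("remediated", SAMPLE_CONFIG_REMEDIATED)):
        print(f"{name}: {triage(cfg)}")
```

Run it against saved configuration backups rather than live devices where possible; if you do pull configs live, note that disabling the HTTP Server feature will also remove the web UI for legitimate administrators, so out-of-band or CLI access must be in place first.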
How is Alert Logic helping me?
Alert Logic is actively researching this threat to build detection capabilities.
Network IDS: Alert Logic has released IDS telemetry signatures to aid in detection research.
Log Management: Alert Logic has deployed and is actively monitoring log telemetry related to known IOCs.
Alert Logic has kicked off the Emerging Threat process for this vulnerability. This article will be updated with new information about this vulnerability and related Alert Logic coverage as it becomes available. To follow updates for this vulnerability, click FOLLOW at the top of this article. You must be signed into the Support Center using your Alert Logic product credentials to follow this article.
10/23/2023: Cisco has released a fix for Cisco IOS XE Software version 17.9.4a.