CVE-2023-20273

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software (affected versions not specified)

Description A flaw exists in the web UI feature of Cisco IOS XE Software that could allow an authenticated, remote attacker to inject commands with root privileges. This is due to insufficient input validation. The vulnerability is actively exploited in attacks, with reports indicating the deployment of a malicious Lua-based implant on susceptible devices. The attackers are leveraging this issue to escalate privileges and write malicious implants to the file system. The vulnerability affects devices worldwide. The web UI is the entry point for exploitation, allowing attackers to inject commands into the underlying operating system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.