PT-2023-6168 · Cisco · Cisco IOS XE

Published 2023-10-16 · Updated 2026-03-05 · CVE-2023-20198

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Cisco IOS XE Software versions prior to a patch (affected versions not specified)

Description

Cisco is aware of active exploitation of a critical, unauthenticated remote code execution vulnerability (CVE-2023-20198) in the web UI feature of Cisco IOS XE Software. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access, effectively enabling complete system takeover. The vulnerability is actively exploited in the wild, with over 40,000 devices reportedly compromised. Threat actors, including the China-linked Salt Typhoon group, have exploited this flaw to gain access to systems, steal configuration files, and establish tunnels for data exfiltration. The vulnerability has been exploited in attacks targeting Canadian telecommunications providers. Public exploit code is available. Indicators of compromise include the presence of a malicious implant and the creation of a user account named “cisco support”. The vulnerability is rated with a CVSS score of 10.0.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

BDU:2023-06875
CVE-2023-20198

Affected Products

Cisco IOS XE