PT-2023-6168 · Cisco · Cisco IOS XE

Published 2023-10-16 · Updated 2025-09-25 · CVE-2023-20198

CVSS v3.1: 10 (Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE (affected versions not specified)

Description: The vulnerability in Cisco IOS XE allows a remote, unauthenticated attacker to create an account with privilege level 15 on an affected system, effectively giving complete control of the device. The issue is being actively exploited in the wild, with tens of thousands of devices reportedly compromised. It affects the web UI feature of Cisco IOS XE Software when that feature is exposed to the internet or to untrusted networks.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, disable the web UI feature on all systems exposed to the internet or to untrusted networks to minimize the risk of exploitation, and restrict web UI access to trusted networks and users only. Monitor for malicious activity and report findings to the relevant authorities. Apply the mitigations recommended by Cisco, such as disabling the HTTP Server feature, to reduce the risk of exploitation.
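A configuration check for the workarounds above, added here as an example and not part of this advisory or of Cisco's own tooling: it reads a running-config excerpt (a constructed sample, not from a real device), flags the web UI being enabled, reports whether it is at least limited by an HTTP access-class, and lists privilege-15 local accounts that are not on an operator-supplied allowlist. The `ip http server`, `ip http secure-server` and `ip http access-class` keywords are standard IOS XE configuration commands; the hostname, usernames and allowlist are assumptions.

```python
import re
from typing import Iterable, List

# Constructed running-config excerpt for illustration (not captured from any device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username admin privilege 15 secret 9 $9$placeholder
username svc-backup privilege 15 secret 9 $9$placeholder
!
ip http server
ip http secure-server
!
line vty 0 4
 transport input ssh
"""

# Allowlist of level-15 accounts the operator expects to exist (assumption).
EXPECTED_ADMINS = {"admin"}


def audit_webui(config: str, expected_admins: Iterable[str] = EXPECTED_ADMINS) -> List[str]:
    """Return findings relevant to the CVE-2023-20198 workaround.

    A finding is raised when the web UI (HTTP and/or HTTPS server) is enabled,
    when it is enabled without an 'ip http access-class' restriction, and for
    every privilege-15 local user that is not in the allowlist.
    """
    findings: List[str] = []
    lines = [line.strip() for line in config.splitlines()]
    http_on = "ip http server" in lines          # 'no ip http server' does not match
    https_on = "ip http secure-server" in lines
    restricted = any(line.startswith("ip http access-class") for line in lines)
    if http_on or https_on:
        which = " and ".join(name for name, on in (("HTTP", http_on), ("HTTPS", https_on)) if on)
        findings.append(f"web UI enabled over {which}; workaround is "
                        "'no ip http server' / 'no ip http secure-server'")
        if not restricted:
            findings.append("web UI not limited by 'ip http access-class'; reachable from any source")
    # Local accounts with privilege 15: the advisory describes attacker-created ones.
    allow = set(expected_admins)
    for line in lines:
        match = re.match(r"username (\S+) .*privilege 15\b", line)
        if match and match.group(1) not in allow:
            findings.append(f"unexpected privilege-15 account: {match.group(1)}")
    return findings


if __name__ == "__main__":
    for finding in audit_webui(SAMPLE_CONFIG):
        print(finding)
```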

Tags: Exploit, RCE

Weakness Enumeration: Improper Privilege Management

Related Identifiers: BDU:2023-06875, CVE-2023-20198

Affected Products: Cisco IOS XE