Name of the Vulnerable Software and Affected Versions:

Cisco IOS XE versions prior to the fixed version

Description:

The vulnerability in Cisco IOS XE allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. This vulnerability is actively being exploited in the wild, with over 40,000 devices reportedly compromised. The vulnerability affects devices that have the Web User Interface (Web UI) feature enabled.

Recommendations:

To resolve the issue, update Cisco IOS XE to a version that includes the fix for this vulnerability. If an update is not available, disable the HTTP Server feature on all internet-facing systems to mitigate the risk of exploitation. Additionally, restrict access to the Web UI feature to minimize the risk of exploitation.

Note: The exact fixed version is not specified in the provided input, so it is recommended to check the official Cisco website for the latest information on this vulnerability and its fix.