Horizon3.ai Threat Research Team Releases Research Into The Cisco IOS XE Vulnerability

The Horizon3.ai Threat Research Team has just released "Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198".

The post, by Horizon3.ai Attack Team Technical Manager Josh Foster, details the risks of compromise, the currently known indicators of compromise, and immediate remediation measures. It also offers longer-term remediation strategies, given that Cisco has yet to release a patch for CVE-2023-20198 and that Cisco observed the threat actor(s) using two different techniques to install an unidentified Remote Access Trojan (RAT) once the device has been compromised.

Risks of Compromise: Josh notes that attackers with this type of unfettered remote access to a network device could take the following actions, with the associated impacts: monitor network traffic (eavesdropping on privileged network communications); inject and redirect network traffic (exposing the enterprise to man-in-the-middle attacks); breach protected network segments; and use the device as a persistent beachhead into the network, since detection and protection solutions for these devices are lacking and the devices are often overlooked during patch cycles until a disruption to user activity is noticed.

Blog Post – Cisco IOS XE Web UI Vulnerability: A Glimpse into CVE-2023-20198: https://www.horizon3.ai/cisco-ios-xe-web-ui-vulnerability-a-glimpse-into-cve-2023-20198/

One Response to “Horizon3.ai Threat Research Team Releases Research Into The Cisco IOS XE Vulnerability”

  1. […] Today’s post is a follow-up to Horizon3.ai’s October 25, 2023 theory crafting post on CVE-2023-20198. […]
