CVE-2023-20198

CVE-2023-20198 is a significant software vulnerability discovered in the Web User Interface (Web UI) feature of Cisco IOS XE software. This flaw, identified by Cisco, has been actively exploited when exposed to the internet or untrusted networks. The exploitation of this zero-day vulnerability has led to the creation of unauthorized admin accounts and installation of implants on Cisco IOS XE devices, compromising their security. Furthermore, threat actors have used this critical weakness to compromise thousands of Cisco IOS XE devices, as warned by the security firm VulnCheck. Throughout the past year, several compromises were initiated through poorly secured Windows RDP implementations and compromised credentials. However, towards the end of the year, many network breaches occurred by exploiting CVE-2023-20198 in devices running Cisco Systems’ IOS XE operating system. This situation was part of a broader context where top zero-day flaws came from vendors like Citrix and Cisco, involving code injection bugs, privilege escalation, and buffer overflow vulnerabilities. In response to these security threats, Cisco took action to address the vulnerabilities. In October, two zero-day vulnerabilities (CVE-2023-20198 and CVE-2023-20273) were patched after they were exploited to compromise over 50,000 IOS XE devices within a single week. Following these events, Cisco released a security advisory and update to rectify the vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI, thereby reducing the risk of future device control takeovers by cyber threat actors.