More than 40000 devices were affected by Cisco zero-day vulnerabilities CVE-2023-20198 and 2023-20273, impacting the operations of many businesses worldwide. SharkStriker shows a way to be prepared against them.
CVE 2023-20198 – CISCO’s maximum severity zero-day vulnerabilities Cisco has issued an alert over its critical zero-day vulnerability detected in their IOS XE software range. The vulnerability is targeted toward systems that have HTTP/HTTP servers turned on. More than 40000 Cisco devices are now affected by this vulnerability, with 10,000 Cisco devices found with an implant for arbitrary code execution. The critical vulnerability CVE-2023-20198 is assigned a severity rating of 10. That is the highest rating given on a CVSS vulnerability severity scale. It is present in the Web UI component of IOS XE software. This vulnerability allows privilege escalation that enables an attacker to gain a full takeover of the system in that he has implanted the malware to. It means that cyber attackers can exploit this vulnerability to hijack a CISCO router and gain control of it. The countries that are impacted the most by this vulnerability include the US, the Philippines, Mexico, Chile, and India. Here are some of the facts about the said critical vulnerability: More than 6509 hosts were affected in the US alone There was a 40% jump in the number of hosts affected within 24 hours of detection Earlier CISCO had issued high-severity vulnerability CVE202344487
30 Oct 2023