Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198)

A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. About CVE-2023-20198 CVE-2023-20198 is a privilege escalation vulnerability in the web UI feature of Cisco IOS XE software, which is installed on various Cisco controllers, switches, edge, branch and virtual routers. The web UI is an embedded GUI-based tool … More →

The post …

0 day actor attack attackers cisco cisco ios cisco ios xe cisco talos control cve devices don't miss escalation exploited feature hot stuff implant install ios networking privilege privilege escalation researchers running software talos the web threat threat actor today vulnerability web zero-day