all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Warning Against Cisco IOS XE Software Web UI Vulnerabilities (CVE-2023-20198, CVE-2023-20273)

Add to bookmarks
Oct. 30, 2023, 4:26 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Overview


This month, Cisco released a security advisory regarding two vulnerabilities currently being actively exploited in actual attacks: CVE-2023-20198 and CVE-2023-20273.


These vulnerabilities are present in the web UI feature of Cisco IOS XE Software.


The CVE-2023-20198 vulnerability allows an unauthorized threat actor to create an arbitrary account with level 15 privileges, which is the highest level of access permission possible, and take control over the system. The CVE-2023-20273 vulnerability allows command injection which enables malicious content to be written …

account actively exploited actor advisory attacks cisco cisco ios cisco ios xe cisco ios xe software cve cve-2023-20198 cve-2023-20273 exploited feature ios ios xe malware analysis security security advisory software the web threat threat actor vulnerabilities vulnerability warning web

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Dell says names, addresses leaked after hacker claims access to 49M records 7 hours ago | malware.news
access addresses article claims +14
2024-05-09: GootLoader activity 10 hours ago | malware.news
analysis article gootloader link +5
Emerald Divide Uses GenAI to Exploit Social, Political Divisions in Israel Using Disinformation 12 hours ago | malware.news
bad bad actors collaboration companies +21
Insights: FortiGuard Labs' Threat Landscape Report for H2 2023, Part 1 12 hours ago | malware.news
article cybercriminals derek manky exploiting +12
Insights: FortiGuard Labs Threat Landscape Report for H2 2023, Part 2 12 hours ago | malware.news
article cyberattacks derek manky fortiguard +12
F5 Fixes Critical RCE Bugs in BIG-IP Next Central Manager 13 hours ago | malware.news
accounts attacker big big-ip +16
Google patches fifth Chrome zero-day of 2024 13 hours ago | malware.news
article bug chrome chrome zero-day +12
Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild 15 hours ago | malware.news
article browser chrome chrome browser +14
Alleged Europol Breach by IntelBroker 15 hours ago | malware.news
actor agency breach classified +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Application Security Assurance Associate

@ DTCC | Tampa, FL, United States
View on infosec-jobs.com

Threat Hunter II

@ Microsoft | Hyderabad, Telangana, India
View on infosec-jobs.com

Staff Cyber Security Engineer (Application Security, Emerging Platforms)

@ NBCUniversal | Englewood Cliffs, NEW JERSEY, United States
View on infosec-jobs.com

Cyber Security Senior Cyber Security Engineer

@ Sopra Steria | Noida, Uttar Pradesh, India
View on infosec-jobs.com

Data Protection and Privacy Manager

@ Future PLC | London, England, United Kingdom
View on infosec-jobs.com

RSOC Manager

@ The University of Texas at Austin | AUSTIN, TX
View on infosec-jobs.com
View more jobs