Cisco Systems has discovered a critical vulnerability in the web-based user interface of its IOS XE software. Tracked as CVE-2023-20198, the vulnerability is being actively exploited to gain unauthorized access and full control of physical and virtual devices.

A separate report from internet intelligence platform Censys indicates that as of October 18, the number of hosts compromised due to this vulnerability and likely having a backdoor installed stands at 41,983 worldwide. Notably, the Philippines ranks second in terms of compromised Cisco devices with a host count of 3,966 so far.

Topping the list is the United States with 6,509 affected devices, followed by Mexico (3,052), Chile (2,719) and India (2,503). Censys found that this vulnerability mainly targets smaller entities and individuals, not large corporations. Compromised devices are mostly within telecommunications firms serving households and businesses.

By taking advantage of the vulnerability, a malicious individual can set up an account that has administrative rights, with privilege level 15 access, on the targeted device.

In the security advisory it first published on October 16, Cisco recommends that network administrators close the attack vector for this vulnerability by disabling the web UI feature on devices running Cisco IOS XE Software. Entering the command “no ip http server” or “no ip http secure-server” in global configuration mode disables the feature.

Cisco has yet to release a software patch to fix the vulnerability. No workarounds are available that address the vulnerability.
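
To check the mitigation across saved device configurations, the following added example (not from Cisco or the original article) audits a running-config for web UI listeners and lists privilege level 15 accounts that are not on an approved list. It assumes that a line reading "ip http server" or "ip http secure-server" means the listener is enabled; the sample configs, the `audit_config` function and the `approved_admins` parameter are constructed for illustration.

```python
import re

# Constructed sample running-config fragments (not taken from any real device).
EXPOSED_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 <redacted>
username monitor privilege 1 secret 9 <redacted>
ip http server
ip http secure-server
"""

HARDENED_CONFIG = """\
hostname edge-rtr-01
username netops privilege 15 secret 9 <redacted>
no ip http server
no ip http secure-server
"""

# Assumption: a bare "ip http server" / "ip http secure-server" line means enabled.
HTTP_LINE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
PRIV15_USER = re.compile(r"^username\s+(\S+)\s+(?:.*\s)?privilege\s+15\b")


def audit_config(config_text, approved_admins=()):
    """Return web UI state and privilege 15 accounts not in approved_admins."""
    enabled = set()
    unexpected = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HTTP_LINE.match(line)
        if m:
            # A leading "no" means that listener is disabled.
            (enabled.discard if m.group(1) else enabled.add)(m.group(2))
            continue
        u = PRIV15_USER.match(line)
        if u and u.group(1) not in approved_admins:
            unexpected.append(u.group(1))
    return {
        "web_ui_enabled": bool(enabled),
        "listeners": sorted(enabled),
        "unexpected_priv15": unexpected,
    }


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_config(cfg, approved_admins={"netops"}))
```

Any account reported under `unexpected_priv15` should be reviewed against the device's change records.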
