Exploitation of Recent Cisco IOS XE Vulnerabilities Spikes

Nonprofit cybersecurity organization The Shadowserver Foundation has observed a spike in the number of devices hacked via recently patched Cisco IOS XE vulnerabilities.
Tracked as CVE-2023-20198 and CVE-2023-20273, the flaws were patched in October, when Cisco warned that they had already been exploited in the wild as zero-days.
An attacker can target CVE-2023-20198 to gain high privileges on a vulnerable device and create a new user account.
The attacker can then log into the new account and exploit CVE-2023-20273 to inject and execute commands with root privileges.
As part of the observed attacks, unknown threat actors exploited the flaws to create high-privilege accounts and deploy a Lua-based backdoor implant to take over the vulnerable devices.
Shortly after Cisco alerted customers to the existence of the bugs, roughly 50,000 infected switches and routers were identified, with close to 40,000 still infected several days later, after the attackers updated their implant.
Now, Shadowserver says that more than 23,000 devices have the malicious implant, after a spike in infections at the end of last week, mainly in Mexico and Chile.
The infections had dropped steadily throughout November, and the tracking platform notes that the recent spike could be the result of a new attack campaign.
In mid-October, Cisco warned that the targeted vulnerabilities impact the IOS XE software if the Web User Interface is exposed to the internet, and provided indicators of compromise to help security teams hunt for potential intrusions.
A week later, Rockwell Automation warned customers that its Stratix 5800 and 5200 managed industrial Ethernet switches are also impacted by the two vulnerabilities, as they use the IOS XE operating system.
Cisco has released IOS XE software versions 17.9, 17.6, 17.3 and 16.12 to patch both vulnerabilities.
Organizations are advised to identify any vulnerable appliances in their environments and apply the appropriate patches as soon as possible.
They should also hunt for malicious activity on their networks.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 06 Dec 2023 16:13:05 +0000

