Cisco Finds New Zero Day Bug, Pledges Patches in Days

October 20, 2023 at 04:12PM

Cisco is set to release a patch on October 22 for two zero-day vulnerabilities in its IOS XE devices. One vulnerability, discovered earlier, had already been exploited to compromise over 10,000 devices. A second flaw, identified later, is being used in the same exploit chain. Exploitation is expected to continue before the patch is released, with cybersecurity experts predicting an increase in malicious activity. However, it is doubtful that all Cisco customers will take immediate remediation steps, potentially leaving devices vulnerable for an extended period.

Key takeaways from the article are as follows:

1. Cisco has announced the release of a patch for two zero-day vulnerabilities in its IOS XE devices.
2. The first zero-day bug (CVE-2023-20198) has a severity rating of 10 out of 10 and had already allowed threat actors to compromise over 10,000 Cisco devices.
3. The second previously unknown flaw (CVE-2023-20273) has a CVSS score of 7.2 and is being used in conjunction with the first bug in the same exploit chain.
4. Threat actors used the first bug for initial access and the second to escalate privileges.
5. Cisco has stated that the previously mentioned CVE-2021-1435 vulnerability is no longer associated with this activity.
6. Cybersecurity expert Immanuel Chavoya predicts that there will likely be a spike in malicious activity against vulnerable devices before the release of the patch, including the potential for ransomware attacks.
7. Chavoya expresses skepticism that many Cisco customers will take the necessary steps to remediate and patch their devices, leading to prolonged exploitation for months or even years.
