October 23, 2023 at 10:09AM
Cisco has released a free software update to address two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise over 50,000 IOS XE devices. The first fixed release available is 17.9.4a, with updates for other releases to be disclosed later. The vulnerabilities are in the web UI of Cisco devices and can be exploited if the HTTP Server feature is turned on. There has been a sudden drop in hacked Cisco IOS XE hosts, possibly due to the attacker deploying an update or a grey-hat hacker rebooting infected devices. A public report from Cisco or further analysis is needed for more information.
From the meeting notes, the key takeaways are:
1. Cisco has addressed two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that were exploited by hackers to compromise tens of thousands of IOS XE devices.
2. The first fixed software release (17.9.4a) is now available from Cisco’s Software Download Center.
3. Updates for other IOS XE software releases (17.6, 17.3, and 16.12) will be rolled out at a later date.
4. The vulnerabilities (CSCwh87343) are located in the web UI of Cisco devices running IOS XE software, with one rated as critical (10/10) and the other as high severity (7.2).
5. The attacker exploited the critical flaw to gain access to the devices and create a normal local account with escalated privileges.
6. By leveraging the high severity vulnerability, the attacker elevated the privileges of the local user and added a malicious script to the file system.
7. The presence of the commands “ip http server” or “ip http secure-server” in the system configuration indicates that the web UI feature is enabled.
8. There was a sudden drop in the number of hacked Cisco IOS XE hosts, possibly due to the attacker deploying an update to hide their presence or grey-hat hackers rebooting infected devices.
9. Further investigation by Cisco or other security researchers is needed to determine the exact cause of the sudden drop in hacked devices.
Please let me know if you need any further assistance or clarification.