Philippines ranks second in global list of compromised Cisco devices

Cisco has issued an urgent warning about a critical vulnerability in its IOS XE software that unknown attackers are actively exploiting. The vulnerability, tracked as CVE-2023-20198, could allow an unauthenticated, remote attacker to create an account on an affected device with full administrative privileges.

The vulnerability affects the Web User Interface (Web UI) feature of Cisco IOS XE software when exposed to the internet or untrusted networks. Any switch, router, or wireless LAN controller running IOS XE with the HTTP or HTTPS Server feature enabled and exposed to the internet is vulnerable.

Cisco said it became aware of the vulnerability on September 28, when it was reported to its Technical Assistance Center. An analysis showed that related activity began as early as September 18. The attackers have been using the vulnerability to create local user accounts with privilege level 15 access, which grants them complete control of the compromised device.

In a report, Cyberscoop said: “Later in the day, researchers with Censys reported observing 34,140 devices ‘that appear to have the backdoor installed.’ Censys’ data pointed to tens of thousands of compromised devices around the world, the majority of which are in the U.S.”

Following the U.S., the Philippines ranks second in the global tally of compromised Cisco devices. (screencap from https://cyberscoop.com/cisco-devices-breach-ios-xe/)

The attackers have also been exploiting a previously patched vulnerability, CVE-2021-1435, to install an implant on the device that allows them to execute arbitrary commands at the system or IOS level. The implant is saved in the file path “/usr/binos/conf/nginx-conf/cisco_service.conf” and contains two variable strings composed of hexadecimal characters.

I talked to a top cybersecurity professional in the country about the issue, and he said as of the moment, Cisco has not yet released a software update to fix the vulnerability but has provided some mitigation steps in its security advisory.

The company has advised affected customers to turn off the HTTP Server feature on all Cisco IOS XE systems connected to internet-facing networks. To turn off the HTTP Server feature, customers can use the “no ip http server” or “no ip http secure-server” command in global configuration mode.

Cisco has also recommended that customers monitor their devices for any signs of compromise, such as unauthorized user accounts, unusual processes, or files with unfamiliar names or locations. Customers can also use Cisco’s Secure Network Analytics product to detect any malicious activity on their network.
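The two recommendations above (disable the Web UI, and look for unauthorized accounts) can be checked offline against a saved running-config. The following is an added example, not code from Cisco or from the original article; the config excerpt is constructed, and the `known_admins` set is an assumed list of accounts the operator expects to hold privilege 15.

```python
import re

# Constructed sample running-config excerpt (not captured from a real device).
SAMPLE_CONFIG = """\
!
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$placeholder
username webui_tmp privilege 15 secret 9 $9$placeholder
username helpdesk privilege 1 secret 9 $9$placeholder
!
ip http server
ip http secure-server
ip http authentication local
!
"""

# Matches "username <name> privilege <level> ..." lines in IOS XE configs.
USERNAME_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")


def audit_config(config_text, known_admins):
    """Return findings relevant to the CVE-2023-20198 advisory:
    privilege-15 local users that are not in the expected set, and
    whether the Web UI (HTTP / HTTPS server) is still enabled."""
    findings = {"unexpected_priv15": [], "http_server": False, "https_server": False}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = USERNAME_RE.match(line)
        if m:
            user, priv = m.group(1), int(m.group(2))
            if priv == 15 and user not in known_admins:
                findings["unexpected_priv15"].append(user)
        elif line == "ip http server":
            findings["http_server"] = True
        elif line == "ip http secure-server":
            findings["https_server"] = True
    return findings


def mitigation_commands(findings):
    """Global-configuration commands from the advisory that close the exposure."""
    cmds = []
    if findings["http_server"]:
        cmds.append("no ip http server")
    if findings["https_server"]:
        cmds.append("no ip http secure-server")
    return cmds


if __name__ == "__main__":
    result = audit_config(SAMPLE_CONFIG, known_admins={"netops"})
    print(result)
    print(mitigation_commands(result))
```

An unexpected privilege-15 account is a trigger for an incident response process, not just for removing the account, since the implant described above may also be present.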

Cisco has rated the vulnerability as critical, with a Common Vulnerability Scoring System (CVSS) score of 10 out of 10. The company has said it is working non-stop to provide a software fix and will update its advisory once it is available.

*****
Credit belongs to: www.mb.com.ph
