Cisco reports major security flaw, users urged to patch immediately

A 10/10 flaw gives attackers the keys to the kingdom

Hackers are exploiting a critical vulnerability in some Cisco devices to gain full admin control of entire networks, the company has revealed.

In a security advisory from its Talos research team, the company urged users to apply the newly released patch without hesitation.

The vulnerability is found in the Web User Interface of Cisco IOS XE software when that interface is exposed to the public internet. Any Cisco endpoint (router, switch, etc.) that runs the software, has the HTTP and HTTPS Server features enabled, and is reachable from the internet is therefore vulnerable to full device takeover. Ars Technica reports that some 80,000 endpoints are currently affected by the flaw, which is now tracked as CVE-2023-20198 and carries a severity rating of 10.

Dropping malware

“Successful exploitation of this vulnerability allows an attacker to create an account on the affected device with privilege level 15 access, effectively granting them full control of the compromised device and allowing possible subsequent unauthorized activity,” Cisco Talos said in its advisory. “This is a critical vulnerability, and we strongly recommend affected entities immediately implement the steps outlined in Cisco’s PSIRT advisory.”

Allegedly, someone has been exploiting the flaw for at least a month. We don’t know who, or against whom. What we do know is that the attackers were using the flaw to drop a piece of malware that runs once the web server restarts. The malware does not survive a reboot, but the local user account remains active, allowing the attackers to repeat the process if necessary. As per Ars Technica, the flaw is “relatively easy to exploit” and allows attackers to run all kinds of malicious operations.

Besides installing the patch, the other way to make sure your devices are safe is to never have the HTTP and HTTPS Server features enabled on internet-facing systems.
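As an added example (not from the article or from Cisco), a small Python audit that scans an exported IOS XE running-config for the two conditions discussed above: the HTTP/HTTPS Server features being enabled, and privilege-level-15 local accounts the operator does not recognize. It then emits the standard IOS commands that disable the web server. The config excerpt is constructed, and the `known_admins` set and function names are assumptions.

```python
"""Audit an IOS XE running-config dump for (1) an enabled Web UI and
(2) privilege-15 local accounts that are not on an approved list."""
import re

# Constructed sample running-config excerpt; not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
!
username netadmin privilege 15 secret 9 $9$PLACEHOLDERHASH
username cisco_support privilege 15 secret 9 $9$PLACEHOLDERHASH
username monitor privilege 1 secret 9 $9$PLACEHOLDERHASH
!
ip http server
ip http secure-server
!
end
"""

# Matches "username <name> privilege <level> ..." at line start; lines that
# omit "privilege" default to level 1 on IOS and are intentionally skipped.
USERNAME_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)", re.M)


def web_ui_enabled(config: str) -> dict:
    """Report which web-server features the config explicitly turns on.
    Absence means 'not explicitly enabled'; confirm on the box with
    'show ip http server status', since defaults vary by platform."""
    lines = {line.strip() for line in config.splitlines()}
    return {"http": "ip http server" in lines,
            "https": "ip http secure-server" in lines}


def privilege_15_accounts(config: str) -> list:
    """Return every local username configured with privilege level 15."""
    return [name for name, level in USERNAME_RE.findall(config) if level == "15"]


def unexpected_admins(config: str, known_admins: set) -> list:
    """Privilege-15 accounts not on the operator's approved list."""
    return sorted(set(privilege_15_accounts(config)) - known_admins)


def remediation(status: dict) -> list:
    """Standard IOS commands that turn off the enabled web-server features."""
    cmds = []
    if status["http"]:
        cmds.append("no ip http server")
    if status["https"]:
        cmds.append("no ip http secure-server")
    return cmds


if __name__ == "__main__":
    status = web_ui_enabled(SAMPLE_CONFIG)
    print("Web UI:", status, "->", remediation(status))
    print("Unrecognised admins:", unexpected_admins(SAMPLE_CONFIG, {"netadmin"}))
```

On a real device, export the config with `show running-config` and point the script at that text; any privilege-15 account you did not create is worth investigating.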

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
