What should you know about CISCO’s high-severity zero-day vulnerabilities?

CVE-2023-20198 – CISCO’s maximum severity zero-day vulnerabilities

Cisco has issued an alert over a critical zero-day vulnerability detected in its IOS XE software range.

The vulnerability affects systems that have the HTTP/HTTPS server feature turned on. More than 40,000 Cisco devices are now affected by this vulnerability, with 10,000 Cisco devices found with an implant for arbitrary code execution.

The critical vulnerability CVE-2023-20198 is assigned a severity rating of 10, the highest rating on the CVSS vulnerability severity scale. It is present in the Web UI component of IOS XE software.
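
Because the flaw sits in the Web UI, a device is only reachable through it when the HTTP or HTTPS server feature is enabled. The following Python check is an added example, not code from Cisco or from the original article: it reads IOS XE running-config text and reports which listeners are left open. The hostnames and config snippets are constructed samples, and treating `active-session-modules none` as closing a listener is this example's reading of the standard IOS XE configuration lines.

```python
# Constructed sample running-configs (not taken from real devices).
SAMPLE_CONFIGS = {
    "edge-rtr-01": "hostname edge-rtr-01\nip http server\nip http secure-server\n",
    "core-sw-02": "hostname core-sw-02\nno ip http server\nno ip http secure-server\n",
    "branch-rtr-03": (
        "hostname branch-rtr-03\n"
        " ip http server\n"
        "ip http active-session-modules none\n"
        "no ip http secure-server\n"
    ),
}


def web_ui_exposure(running_config: str) -> dict:
    """Return which Web UI listeners (http/https) a running-config leaves reachable."""
    # Exact-line matching: "no ip http server" is a different line from
    # "ip http server", so negated commands are never counted as enabled.
    lines = {ln.strip() for ln in running_config.splitlines()}
    http_on = "ip http server" in lines
    https_on = "ip http secure-server" in lines
    # Assumption of this example: "active-session-modules none" means the
    # listener serves no web session modules, so the Web UI is not reachable.
    http_blocked = "ip http active-session-modules none" in lines
    https_blocked = "ip http secure-active-session-modules none" in lines
    return {
        "http": http_on and not http_blocked,
        "https": https_on and not https_blocked,
    }


def audit(configs: dict) -> list:
    """Return sorted hostnames whose config exposes the Web UI over HTTP or HTTPS."""
    return sorted(
        host for host, cfg in configs.items() if any(web_ui_exposure(cfg).values())
    )


if __name__ == "__main__":
    for host, cfg in SAMPLE_CONFIGS.items():
        print(host, web_ui_exposure(cfg))
    print("exposed:", audit(SAMPLE_CONFIGS))
```

Feed it the saved output of `show running-config` for each device in the inventory; any host it lists should have the Web UI disabled or restricted to trusted networks until it is patched.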

This vulnerability allows privilege escalation, which enables an attacker to take full control of the system on which the malware has been implanted. It means that cyber attackers can exploit this vulnerability to hijack a CISCO router and gain control of it.

The countries that are impacted the most by this vulnerability include the US, the Philippines, Mexico, Chile, and India.

Here are some facts about this critical vulnerability:

More than 6509 hosts were affected in the US alone
There was a 40% jump in the number of hosts affected within 24 hours of detection
Earlier, CISCO had issued an alert for the high-severity vulnerability CVE-2023-44487