CVE-2023-20198: Cisco IOS XE Web UI Privilege Escalation Vulnerability
First published: Mon Oct 16 2023(Updated: )
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.
Credit: ykramarz@cisco.com ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | >=16.12<16.12.10a | |
| Cisco IOS XE | >=17.3<17.3.8a | |
| Cisco IOS XE | >=17.6<17.6.6a | |
| Cisco IOS XE | >=17.9<17.9.4a |
Remedy
Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
- https://www.darkreading.com/vulnerabilities-threats/critical-unpatched-cisco-zero-day-bug-active-exploit
- https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html;
- https://nvd.nist.gov/vuln/detail/CVE-2023-20198
- https://www.theregister.com/2024/10/12/russia_is_targeting_you_for/
Frequently Asked Questions
What is CVE-2023-20198?
CVE-2023-20198 refers to a privilege escalation vulnerability in Cisco IOS XE Web UI.
What is the severity of CVE-2023-20198?
The severity of CVE-2023-20198 is high.
How does CVE-2023-20198 impact Cisco IOS XE Web UI?
CVE-2023-20198 allows a remote, unauthenticated attacker to create an account with level 15 access and gain control of the affected device.
How can I fix CVE-2023-20198?
To fix CVE-2023-20198, apply the necessary security patches provided by Cisco.
Where can I find more information about CVE-2023-20198?
More information about CVE-2023-20198 can be found on the Cisco Security Advisory page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/title
- agent/description
- agent/weakness
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/references
- collector/nvd-cve
- agent/author
- agent/tags
- collector/the-register
- source/The Register
- alias/CVE-2023-20198
- alias/CVE-2023-42793
- alias/CVE-2024-9164
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/16.12
- version/cisco ios xe/17.3
- version/cisco ios xe/17.6
- version/cisco ios xe/17.9
- canonical/cisco ios xe web ui