Cisco Warns of Critical Vulnerability in IOS XE
2026-06-09 16:29

en.Wedoany.com Reported - Cisco has issued a security advisory warning of a critical vulnerability (CVE-2023-20198) in the web user interface of its network operating system IOS XE, which is being actively exploited in the wild with no patch currently available. Cisco warns that this security flaw could allow an unauthenticated remote attacker to create an account with privilege level 15 access on an affected system, thereby gaining full control of the system.

This vulnerability affects Cisco IOS XE software with the Web UI feature enabled. The web user interface feature is enabled via the command "ip http server" or "ip http secure-server". Cisco states that system administrators can check whether the HTTP server feature is enabled on a system by running the command "show running-config | include ip http server|secure|active" on the management interface to see if either command is present in the global configuration.

To detect whether a system has been implanted with malicious code, Cisco's security division Talos provides a verification method: execute the following command from a device that can access the system, where systemip is the IP address of the system being checked:

    curl -k -X POST "https://systemip/webui/logoutconfirm.html?logon_hash=1"

If the request returns a hexadecimal string, it indicates the presence of an implant on the system.
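The two checks above can be scripted to triage a fleet. This is an added example, not code from Cisco, Talos or the original article; the function names and sample configurations are constructed, and treating any non-empty all-hex response body as a positive is an assumption based on the article's wording.

```shell
#!/bin/sh
# Added example: triage helpers for the two checks quoted in the article.

# Succeeds if the running-config on stdin enables the Web UI
# ("ip http server" or "ip http secure-server"; "no ip http ..." does not match).
webui_enabled() {
  tr -d '\r' | grep -Eq '^[[:space:]]*ip http (server|secure-server)[[:space:]]*$'
}

# Succeeds if a response body is a non-empty, purely hexadecimal string,
# which the article gives as the sign of an implant (assumption: any length).
is_hex_body() {
  stripped=$(printf '%s' "$1" | tr -d ' \t\r\n')
  [ -n "$stripped" ] || return 1
  case "$stripped" in
    *[!0-9A-Fa-f]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Sends the request from the article to one host and classifies the reply.
# -s and -m 10 (quiet, 10 s timeout) are additions made here for batch use.
probe_host() {
  resp=$(curl -k -s -m 10 -X POST \
    "https://$1/webui/logoutconfirm.html?logon_hash=1") || {
      echo "$1 unreachable"; return 2; }
  if is_hex_body "$resp"; then
    echo "$1 implant-indicator"
  else
    echo "$1 no-indicator"
  fi
}

# Constructed running-config excerpts (not taken from a real device).
sample_config() {
  if [ "$1" = on ]; then
    printf '%s\n' 'hostname edge-rtr-01' 'ip http server' 'ip http secure-server'
  else
    printf '%s\n' 'hostname edge-rtr-02' 'no ip http server' 'no ip http secure-server'
  fi
}

# Usage: sh triage.sh <management-ip> [<management-ip> ...]
for host in "$@"; do
  probe_host "$host" || true
done
```

A "no-indicator" result only means this one request did not return a hexadecimal string; pair it with the configuration check and a review of local accounts for unexpected privilege level 15 users.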

The built-in graphical interface of IOS XE is provided by default to simplify system configuration, deployment, and management, requiring no license installation or activation of additional options. This web interface allows users to create configurations, monitor, and troubleshoot the system without knowledge of the command-line interface (CLI). Until a patch is released, Cisco recommends an aggressive measure: disable the HTTP server feature on all internet-facing affected systems. If disabling HTTP is not feasible, Cisco advises allowing only trusted networks to access IOS XE-based services. This temporary solution leaves affected enterprises with few other options.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com