Multiple vulnerabilities in Cisco IOS XE Web UI software

Published: 2023-10-17 | Updated: 2023-11-08

Risk	Critical
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2023-20198 CVE-2023-20273
CWE-ID	CWE-269
Exploitation vector	Network
Public exploit	Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild.
Vulnerable software Subscribe	Cisco IOS XE Operating systems & Components / Operating system
Vendor

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

Updated 23.10.2023

Added vulnerability #2

1) Improper Privilege Management

EUVDB-ID: #VU82065

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2023-20198

CWE-ID:

Exploit availability:

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper privilege management in the web UI feature. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected device and create an account with privilege level 15 access.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Cisco IOS XE: before 17.9.4a

Fixed software versions

CPE2.3

cpe:2.3:o:cisco_systems:cisco_ios_xe:*:*:*:*:*:*:*:*

External links

http://bst.cloudapps.cisco.com/bugsearch/bug/CSCwh87343
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
http://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-theory-crafting/
http://www.horizon3.ai/cisco-ios-xe-cve-2023-20198-deep-dive-and-poc/

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper Privilege Management

EUVDB-ID: #VU82295

Risk: High