Critical Cisco IOS XE Vulnerabilities Actively Exploited

Cisco has recently released two vulnerabilities affecting their Cisco IOS XE devices. Both of these vulnerabilities are currently under active exploitation, making it imperative for organisations to take immediate action to secure their systems.

CVE-2023-20198 - Unauthorized Access with Elevated Privileges

This vulnerability poses a significant risk. In this scenario, a remote and unauthenticated attacker can craft an account on the compromised system, with the highest privilege level (level 15). This essentially grants the attacker complete control over the affected system. The potential consequences of such an intrusion can be catastrophic, including data breaches and system compromise.

CVE-2023-20273 - Injection of Arbitrary Commands

The second vulnerability, denoted as CVE-2023-20273, allows remote, authenticated attackers to inject arbitrary commands into the system as the root user. Gaining access as the root user provides an attacker with the highest level of control and can lead to system compromise, data theft, and widespread damage.

To address these serious vulnerabilities and minimise the risks associated with them, it's crucial for organisations to take immediate action. Cisco has already published an advisory outlining possible mitigations and patches to protect your systems.

In response to these threats, the National Cyber Security Centre (NCSC) is actively collaborating with affected UK organisations. Moreover, they have issued notifications to entities that are part of the NCSC Early Warning service to ensure prompt action is taken.

In this high-stakes cyber landscape, being proactive is key. Ensure your organisation is aware of these vulnerabilities, assess your systems for potential exposure, and apply the recommended patches and mitigations. By doing so, you can protect your systems and data from these active exploits and minimise the risk of a catastrophic breach.

Previous
Previous

Cyber Security in the Housing Sector: Protecting Homes and Data

Next
Next

PureCyber Microbytes: How to Protect Your SME against Social Engineering