Cisco warns of critical software flaw exploited by cyberattackers

17 Oct 2023

The vulnerability lets attackers effectively gain full control of affected devices and conduct further ‘unauthorised activity’.

Multinational tech company Cisco has shared details on a vulnerability in its IOS XE software that has been actively exploited by attackers.

The company said that this vulnerability allows a cyberattacker to create an account with “privilege level 15” on affected devices. This privilege level grants the attacker full control of the device and allows them to conduct further “unauthorised activity”, according to a Cisco report.

Cisco said the vulnerability was discovered in the web user interface of IOS XE software and that it can be exploited when that interface is exposed to the internet or to untrusted networks. Both virtual and physical devices that have the HTTP or HTTPS server feature enabled are affected.

Cisco said this is a “critical vulnerability” and has shared steps that should be taken on affected devices. These recommendations include disabling the HTTP server feature on internet-facing systems.

“We strongly recommend organisations that may be affected by this activity immediately implement the guidance outlined in Cisco’s Product Security Incident Response Team (PSIRT) advisory,” Cisco said in a blogpost.

“Organisations should look for unexplained or newly created users on devices as evidence of potentially malicious activity relating to this threat.”
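As an added example (not code from the article or from Cisco), the following Python script applies the two pieces of guidance above to saved `show running-config` output: it lists local accounts configured at privilege level 15 that are absent from an operator-maintained baseline, and reports whether the HTTP or HTTPS server feature is enabled, producing the matching `no ip http server` / `no ip http secure-server` commands. The sample configuration and account names are constructed; the baseline set is assumed to be maintained by the operator.

```python
import re

# Constructed excerpt of an IOS XE running-config; not taken from any real device.
SAMPLE_RUNNING_CONFIG = """\
version 17.6
hostname edge-router
username netadmin privilege 15 secret 9 $9$placeholder
username backup-ops privilege 5 secret 9 $9$placeholder
username svc-unknown privilege 15 secret 9 $9$placeholder
ip http server
ip http secure-server
ip http authentication local
"""

# Accounts the operator expects to exist; any other privilege-15 account is suspect.
KNOWN_ACCOUNTS = {"netadmin", "backup-ops"}

USERNAME_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)")


def privilege_15_accounts(config: str) -> list[str]:
    """Return local accounts configured with privilege level 15, in config order."""
    users = []
    for line in config.splitlines():
        m = USERNAME_RE.match(line.strip())
        if m and int(m.group(2)) == 15:
            users.append(m.group(1))
    return users


def unexpected_admins(config: str, known: set[str]) -> list[str]:
    """Privilege-15 accounts that are not in the operator's baseline."""
    return [u for u in privilege_15_accounts(config) if u not in known]


def web_ui_exposure(config: str) -> dict[str, bool]:
    """Report whether the HTTP and HTTPS server features are enabled.

    An exact-line match is used so that an explicit 'no ip http server'
    line is not mistaken for the feature being on.
    """
    lines = {line.strip() for line in config.splitlines()}
    return {"http": "ip http server" in lines, "https": "ip http secure-server" in lines}


def hardening_commands(exposure: dict[str, bool]) -> list[str]:
    """IOS commands that turn off whichever web UI listeners are enabled."""
    cmds = []
    if exposure["http"]:
        cmds.append("no ip http server")
    if exposure["https"]:
        cmds.append("no ip http secure-server")
    return cmds
```

A config review of this kind only sees accounts that persist in the saved configuration, so it complements rather than replaces log review and the checks in the PSIRT advisory.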

Cisco has shared the vulnerability on the National Vulnerability Database (NVD), which is managed by the US National Institute of Standards and Technology. The notice on this database says Cisco will provide updates on both the investigation and when a software patch is available.

Software vulnerabilities remain a constant threat in the tech sector, as they are exploited by various threat actors and organisations.

Last month, Google said it fixed a zero-day vulnerability in Chrome that was actively exploited by a commercial spyware vendor. The week before, Apple released a security update for iOS, due to reports that certain flaws may have been “actively exploited” by cyberattackers.

A report from TAG the same week said an iPhone flaw was being used by commercial surveillance vendor Intellexa to install Predator spyware onto devices. Intellexa has a presence in Ireland and has been accused by Amnesty International of developing highly invasive spyware and selling it to authoritarian governments.

Leigh Mc Gowran is a journalist with Silicon Republic