Cisco Provides Update on Investigation into Web UI Exploitation
CVE-2023-20198

10 CRITICAL

Key Information:

Vendor

Cisco

CVE Published:
16 October 2023

Badges

📈 Trended
📈 Score: 1,570
💰 Ransomware
👾 Exploit Exists
🟡 Public PoC
🟣 EPSS 94%
🦅 CISA Reported
📰 News Worthy

What is CVE-2023-20198?

CVE-2023-20198 is a severe security vulnerability affecting Cisco IOS XE Software, the widely deployed operating system for Cisco networking devices. The vulnerability allows attackers to abuse the web user interface (web UI) to gain unauthorized access and create local user accounts with elevated privileges. With that access, threat actors can compromise network integrity, disrupt operations, and deploy malicious payloads, with serious consequences for organizations that rely on Cisco networking equipment.

Technical Details

CVE-2023-20198 has been assigned a CVSS score of 10.0, signifying critical severity. The vulnerability allows an attacker to issue privilege 15 commands, thereby enabling the creation of local user accounts with normal access rights. This initial foothold is often followed by exploitation of additional vulnerabilities in the system, which may lead to privilege escalation and the ability to write unauthorized files to the device's file system. Cisco has identified this flaw in conjunction with CVE-2023-20273, indicating a multi-stage attack chain that is being exploited by malicious actors.

Potential impact of CVE-2023-20198

  1. Unauthorized Access and Control: The vulnerability permits attackers to gain unauthorized access to critical networking devices, allowing them to change configuration and potentially disrupt network operations.

  2. Privilege Escalation: By creating local user accounts with higher privileges, threat actors can escalate their access, further compromising device and network security and enabling more extensive malicious activity.

  3. Deployment of Malicious Payloads: With elevated privileges, attackers can write malicious scripts or implants to the file system, enabling persistence, data exfiltration, or ransomware deployment across the affected network infrastructure.

CISA has reported CVE-2023-20198

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-20198 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine whether a system may have been compromised and immediately report positive findings to CISA.

Affected Version(s)

Cisco IOS XE Software 16.1.1

Cisco IOS XE Software 16.1.2

Cisco IOS XE Software 16.1.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which can lead to ransomware.

News Articles

Hackers targeting Cisco IOS XE devices with BadCandy implant

Security researchers and Australian authorities warn that exploitation activity is ongoing.

2 weeks ago

ASD Alerts: BADCANDY Attacks Exploit Cisco IOS XE Vulnerability

The Australian Signals Directorate (ASD) has raised alarms about a series of cyber attacks leveraging the BADCANDY implant. This malicious software exploits a critical vulnerability in Cisco IOS XE devices, identified as CVE-2023-20198. Overview of the Cisco IOS XE Vulnerability CVE-2023-20198 has a...

2 weeks ago

Australia Alert: BadCandy Threat Targets Unpatched Cisco Devices

In recent weeks, the Australian government has issued a critical warning regarding cyberattacks targeting unpatched Cisco IOS XE devices. These attacks aim to exploit a vulnerability designated as CVE-2023-20198, which has been associated with the BadCandy webshell. Overview of the CVE-2023-20198 Vu...

2 weeks ago

References

EPSS Score

94% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 🟡 Public PoC available

  • 📈 Vulnerability started trending

  • 💰 Used in Ransomware

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved
