Cisco Provides Update on Investigation into Web UI Exploitation

CVE-2023-20198

What is CVE-2023-20198?

CVE-2023-20198 is a severe security vulnerability affecting Cisco IOS XE Software, a widely utilized operating system for Cisco's networking devices. This vulnerability enables attackers to exploit the web user interface (UI) to gain unauthorized access and create local user accounts with elevated privileges. By leveraging this access, threat actors can potentially compromise network integrity, disrupt operations, and deploy malicious payloads, which can have dire consequences for organizations reliant on Cisco networking solutions.

Technical Details

CVE-2023-20198 has been assigned a CVSS score of 10.0, signifying critical severity in its impact. The vulnerability allows an attacker to issue privilege 15 commands, thereby enabling the creation of local user accounts with normal access rights. This initial foothold is often followed by further exploitation of additional vulnerabilities in the system, which may lead to privilege escalation and the ability to write unauthorized files into the system's file structure. Cisco has identified this flaw in conjunction with CVE-2023-20273, indicating a multi-layered attack scenario that can be exploited by malicious actors.

Potential impact of CVE-2023-20198

1. Unauthorized Access and Control: The vulnerability permits attackers to gain unauthorized access to critical networking devices, allowing them to manipulate settings and potentially disrupt network operations.

2. Privilege Escalation: By creating local user accounts with higher privileges, threat actors can escalate their access, further compromising device and network security, and enabling more extensive malicious activities.

3. Deployment of Malicious Payloads: Once attackers utilize elevated privileges, they can write malicious scripts or implants to the file system, which can enable persistent threats, data exfiltration, or facilitate ransomware deployment across the affected network infrastructure.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2023-20198
Created by Rapid7

cisco-ios-xe-implant-detection
Created by fox-it

CVE-2023-20198
Created by smokeintheshell

More PoCs...

News Articles

CVE-2023-20198

Canada Latest Nation Targeted in Salt Typhoon Telecom Spree

The Canadian Center for Cybersecurity has confirmed that the Chinese state-sponsored cyber-threat actor targeted one of its telecommunications companies in February via a Cisco flaw, as part of global attack wave.

3 weeks ago

The Hacker News

CVE-2023-20198

China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom

Chinese Salt Typhoon actors exploit Cisco vulnerability to target global telecom providers, including Canadian devices (CVE-2023-20198).

3 weeks ago

BleepingComputer

CVE-2023-20198

Canada says Salt Typhoon hacked telecom firm via Cisco flaw

The Canadian Centre for Cyber Security and the FBI confirm that the Chinese state-sponsored 'Salt Typhoon' hacking group is also targeting Canadian telecommunication firms, breaching a telecom provider in February.

3 weeks ago

More News...

References