Cisco IOS XE Web UI Vulnerability
Date of Notice: 10/16/2023
Action Level - Critical
Cisco has released a security advisory regarding a vulnerability that was recently discovered in OS XE. This vulnerability is present on any IOS XE system with the web UI feature enabled and if exploited could allow a remote, unauthenticated attacker to create a privilege level 15 account and gain control of the affected system. As of this writing there are no updates to remediate the vulnerability, but Cisco has provided instructions on disabling the web UI as well as indicators that a system has been compromised.
- All versions of Cisco IOS XE as of this writing
An unauthenticated attacker with network access to the device running IOS XE with web UI functionality enabled.
Per Cisco, it is possible the vulnerability may have been exploited. See Cisco Security Advisory for relevant IOCs (Indicators of Compromise).
Cisco recommends disabling the HTTP and HTTPS Server features on all internet-facing systems.
There is no fix currently available for this vulnerability.
Vendor ResourcesCisco Security Advisory (includes recommended actions and IOCs)