Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Cisco IOS XE Web UI Implant (CVE-2023-20198)

Description

Due to CVE-2023-20198, cybercriminals installed an implant on the Cisco IOS. The implant gives full access to the system for anonymous users.

Remediation

Check Web References.

References

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability

Related Vulnerabilities

WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)

WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)

MobileIron Log4Shell RCE

Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)

Ivanti Sentry Authentication Bypass (CVE-2023-38035)

Severity

Critical

Classification

CVE-2023-20198 CWE-912 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Code Execution Malware