Cisco has identified a critical security issue affecting its IOS XE software, specifically a zero-day vulnerability tracked as CVE-2023-20273 with a CVSS score of 7.2. This flaw is actively exploited by unknown threat actors to deploy a malicious Lua-based implant on vulnerable devices. Additionally, this zero-day was utilized in conjunction with CVE-2023-20198 (CVSS score: 10.0) to create an exploit chain.
The exploitation of these vulnerabilities poses significant risks, as it could enable an unauthenticated remote attacker to gain complete control over the affected systems. This control can lead to the compromise of routers and switches, unauthorized monitoring of network traffic, injection and redirection of network data, and the establishment of a persistent foothold within the network.
It is estimated that more than 41,000 Cisco devices running the vulnerable IOS XE software may have been compromised. If you are using this software, take immediate action to secure your environment.
The U.S. CISA has issued a warning about these vulnerabilities and the associated risks. Organizations are urged to take these warnings seriously and apply the necessary patches as soon as possible.
The exploitation of these vulnerabilities highlights the critical need for organizations to maintain the security of their network infrastructure. Prompt patching and vigilance in monitoring for suspicious activities are essential in mitigating these threats. Organizations of all sizes should act to safeguard their environments against these potentially devastating attacks.