Latest Cisco IOS & IOS-XE software vulnerabilities #
Cisco released its semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication which includes software updates that addresses the following vulnerabilities in their IOS & IOS XE software.
CVE | Status | CVSS Score |
High | 8.6 | |
High | 8.6 | |
High | 8.6 | |
High | 8.6 | |
High | 8.6 | |
High | 8.6 | |
High | 8.1 | |
Medium | 6.5 | |
Medium | 6.5 | |
Medium | 5.8 | |
Medium | 4.7 | |
Medium | 4.3 |
What is the impact? #
Successful exploitation of these vulnerabilities range from denial-of-service attacks, privilege escalation, and arbitrary code execution.
Are updates or workarounds available? #
Cisco has indicated on each of these there are software updates available that its customers should apply to fix the issues outline in the advisory.
How do I find potentially vulnerable systems with runZero? #
From the Service Inventory, use the following query to locate systems running potentially vulnerable software:
os:"Cisco IOS%"October 25, 2021 #
Cisco Systems has disclosed 14 vulnerabilities in their devices which run Cisco IOS & IOS XE software.
CVE | Status | CVSS Score |
High | 8.6 | |
High | 8.6 | |
High | 8.6 | |
High | 8.6 | |
High | 7.4 | |
High | 7.4 | |
High | 7.4 | |
High | 7.4 | |
Medium | 6.5 | |
Medium | 6 | |
Medium | 5.8 | |
Medium | 5.6 | |
Medium | 5.5 |
What is the impact? #
Successful exploitation of these vulnerabilities range from denial-of-service attacks, privilege escalation, and arbitrary code execution.
Are updates or workarounds available? #
There are no workarounds for these vulnerabilities.
Cisco has released free software updates that address the vulnerability described in this advisory. Customers with service contracts that entitle them to regular software updates should obtain security fixes through their usual update channels.
How do I find potentially vulnerable systems with runZero? #
From the Service Inventory, use the following query to locate systems running potentially vulnerable software:
os:"Cisco IOS%"CVE-2023-20198 (October 2021) #
In October 2021, an actively exploited critical zero-day vulnerability surfaced in the Cisco IOS-XE operating system, used on Cisco routers, switches, and other devices. Deemed “critical” in severity with a CVSS score of 10 out of 10, this vulnerability affected any device running Cisco IOS-XE with the Web UI component enabled.
What was the impact? #
Upon successful exploitation, this vulnerability (tracked as CVE-2023-20198) allowed attackers to execute arbitrary commands on the vulnerable system. This included the creation of privileged users, installation of additional modules or code, and, in general, total system compromise.
Cisco recommended disabling the Web UI component of all Internet-facing IOS-XE devices.
How runZero users found potentially vulnerable Cisco IOS-XE devices #
From the Services Inventory, the following query was used to locate assets running the Cisco IOS-XE operating system in a network that exposed a web interface and which may have needed remediation or mitigation:
(products:nginx OR products:openresty) AND _asset.protocol:http AND protocol:http AND http.body:"window.onload=function%url%=%/webui"
