Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
|
Información sobre el sistema
|
| |
|
|
Software afectado |
Cisco |
Descripción
|
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in IOS-XE. A fix has been identified and the build, test, and release process has been initiated. The first fixed software releases are estimated to post on Cisco Software Download Center on Sunday, 22 October 2023. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Vulnerabilities%20in%20Cisco%20IOS%20XE%20Software%20Web%20UI%20Feature&vs_k=1 |
Identificadores estándar
|
|
Propiedad |
Valor |
|
CVE |
CVE-2023-20198 and CVE-2023-20273. |
