Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.
CISA urges organizations running Cisco IOS XE Web UI to review CISA’s guidance and immediately implement the mitigations outlined in:
These mitigations include disabling the HTTP Server feature on internet-facing systems, and hunt for malicious activity on their network.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-41940 WebPros…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-1708 ConnectWise ScreenConnect Path…
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on…
This website uses cookies.