Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).
The guidance now notes that Cisco has fixed these vulnerabilities for the 17.6 Cisco IOS XE software release train with the 17.6.6a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature, fixes are still to be determined for the following Cisco IOS XE software release trains: 17.3, 16.12 (Catalyst 3650 and 3850 only). Cisco previously published the fixed release for 17.9, which is 17.9.4a, on Oct. 22. CISA urges organizations with the 17.9 and 17.6 Cisco IOS XE software release train to immediately update to the 17.9.4a and 17.6.6a releases, respectively.
CISA urges organizations to review:
CISA has added CVE-2023-20198 (on Oct. 16, 2023) and CVE-2023-20273 (on Oct. 23, 2023) to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.
CISA released seven Industrial Control Systems (ICS) advisories on June 5, 2025. These advisories provide…
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence…
CISA added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of…
CISA released five Industrial Control Systems (ICS) advisories on May 29, 2025. These advisories provide…
This website uses cookies.