Cisco IOS XE und die verschwundenen Hintertüren
Die Anzahl der offensichtlich kompromittierten Geräte ist auch in Deutschland schlagartig gefallen, was wohl kaum an den gerade erschienenen Patches liegt.
" Critical Vulnerability in Cisco IOS XE Software Web UI!
"
Cisco has identified a critical privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software. If exposed to the internet or untrusted networks, this flaw allows remote, unauthenticated attackers to create an account with privilege level 15 access, potentially gaining control of the affected system.
Cisco is actively aware of the exploitation of this vulnerability. The issue was discovered during the resolution of multiple Cisco TAC support cases. There are currently no workarounds available. However, Cisco recommends disabling the HTTP Server feature on all internet-facing systems as a precautionary measure.
For more details and to check if your system might be affected, visit the official advisory: Cisco Security Advisory
Tags: #Cisco #IOSXE #WebUI #Vulnerability #PrivilegeEscalation #CyberSecurity #InfoSec #PatchNow