Cisco detects new vulnerability in IOS XE and prepares patches

Carding 4 Carders

Cisco is facing a new threat in its software.

Cisco has identified another problem related to a popular line of software, after security experts expressed concerns about thousands of possible victims affected by the zero-day vulnerability.

This week, Cisco published a report and detailed post about CVE-2023-20198, warning that the threat has the highest possible CVSS score of 10, and it is actively exploited by hackers. A patch to fix the issue was not available, and Cisco strongly advised customers to ensure that affected devices are not accessible from the Internet.

The tech giant said Friday that a patch for the issue will be available on Sunday. The company also addressed a specific issue that was mentioned in the blog post and that caused alarm among experts. Cisco initially said that during attacks related to the vulnerability, their incident response specialists noticed that hackers were also exploiting CVE-2021-1435, which Cisco eliminated in 2021.

Devices that were fully protected from this bug were infected with malware that was successfully installed "using an undefined mechanism".

Cisco has updated its CVE-2023-20198 advisory to include a new vulnerability, tracked as CVE-2023-20273, that addresses this particular issue. They updated the blog to explain that the patch, which will be released on Sunday, will solve both problems. They added that the vulnerability CVE-2021-1435, which was fixed in 2021, "is no longer considered to be related to this activity."

The issue affects routers, switches, access points, Cisco wireless controllers, and many other devices.

Cybersecurity experts believe that hackers exploiting this bug can monitor network traffic, intercept privileged network communications, inject and redirect network traffic, disrupt secure network segments, and use a compromised device as a "permanent foothold for the network."
 