Public exploit increases the risk of cyber attacks on Cisco IOS XE

Despite the update, tens of thousands of devices remain at risk.

An exploit for the critical vulnerability CVE-2023-20198 in Cisco IOS XE, which was used to hack tens of thousands of devices, has become publicly available. Cisco has released patches for most versions of IOS XE, but thousands of systems are still compromised.

Researchers from Horizon3.ai have revealed a technique that an attacker can use to bypass authentication on vulnerable Cisco IOS XE devices. The experts showed how attackers can use the high-risk vulnerability to create a new user with level 15 privileges (all commands available), which gives full control over the device.

Creating the exploit was made possible by information obtained from a honeypot installed by SECUINFRA's digital forensics and incident response team.

Cisco has updated its security bulletin for CVE-2023-20198, announcing the release of updates for IOS XE that address the vulnerability. At the moment, version 17.3 remains the only one still affected by the issue, as the new release is not yet available. The company also fixed the issue in Software Maintenance Updates (SMU). New software versions are available in the Cisco Software Download Center.

According to Shodan, the threat could affect up to 80,000 devices connected to the network, but this number dropped suddenly after many compromised devices became invisible: the attackers changed the malicious code so that it checks for an authorization header before responding. As of October 26, about 28,900 Cisco IOS XE hosts showing signs of compromise were still detected online.
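The two signs of compromise the post mentions (an unexpected level-15 user, and a device that answers the implant fingerprint request) can be checked offline against data gathered from a device. The script below is an added example, not code from the post, Horizon3.ai, SECUINFRA or Cisco. It assumes you already have the text of `show running-config` and the HTTP status and body returned by a POST to `/webui/logoutconfirm.html?logon_hash=1`, which is the fingerprint request Cisco Talos published for the implant; the allowlist, hostnames, usernames and response bodies are all constructed for the example.

```python
"""Offline triage checks for the CVE-2023-20198 campaign described in the post.

Added example, not code from the post or from Cisco. It assumes two inputs
that are gathered out of band:
  - the text of `show running-config` from an IOS XE device, and
  - the HTTP status and body returned by a POST to
    /webui/logoutconfirm.html?logon_hash=1 (the Talos fingerprint request).
All sample data below is constructed for the example.
"""
import re

# Hypothetical allowlist: local accounts expected to hold privilege 15.
APPROVED_PRIV15 = {"netadmin"}

# Constructed excerpt of `show running-config` with one unexpected level-15 user.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$example1
username backup-op privilege 1 secret 9 $9$example2
username support-tmp privilege 15 secret 9 $9$example3
!
ip http server
ip http secure-server
"""

USERNAME_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b", re.M)
HEX_RE = re.compile(r"[0-9a-fA-F]{16,}")


def unexpected_priv15_users(running_config, approved=APPROVED_PRIV15):
    """Local usernames with privilege 15 that are not on the allowlist.

    The exploit chain in the post ends with a new level-15 user, so any
    unknown account at that level is the first thing to look for.
    """
    return [
        name
        for name, level in USERNAME_RE.findall(running_config)
        if int(level) == 15 and name not in approved
    ]


def webui_exposed(running_config):
    """True if the web UI (the vulnerable component) is enabled in the config."""
    enabled = {"ip http server", "ip http secure-server"}
    return any(line.strip() in enabled for line in running_config.splitlines())


def classify_implant_check(status_code, body):
    """Classify the answer to the Talos fingerprint request.

    'implant'      - body is a bare hexadecimal string, the documented tell;
    'no-implant'   - a normal HTML answer from the web UI;
    'inconclusive' - anything else. As the post notes, the implant was later
                     changed to require an authorization header before it
                     responds, so silence is not proof of a clean device.
    """
    text = body.strip()
    if status_code == 200 and HEX_RE.fullmatch(text):
        return "implant"
    if status_code == 200 and text.startswith("<"):
        return "no-implant"
    return "inconclusive"


def triage(running_config, status_code, body):
    """Combine the checks into one verdict dictionary for a device."""
    rogue = unexpected_priv15_users(running_config)
    implant = classify_implant_check(status_code, body)
    return {
        "webui_exposed": webui_exposed(running_config),
        "unexpected_priv15_users": rogue,
        "implant_check": implant,
        "suspect": bool(rogue) or implant == "implant",
    }


if __name__ == "__main__":
    # Constructed responses: the first mimics the implant, the second a clean device.
    print(triage(SAMPLE_CONFIG, 200, "0123456789abcdef01\n"))
    print(triage(SAMPLE_CONFIG, 200, "<!DOCTYPE html><html>...</html>"))
```

Because the later implant variant only answers when its authorization header check passes, treat `inconclusive` as "check the configuration and the web UI exposure", not as a clean result; a device with the web UI reachable from untrusted networks should be patched or have the web UI disabled regardless of what the fingerprint request returns.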