Tens of Thousands of Cisco Devices Hacked via Zero-Day Vulnerability
Tens of thousands of Cisco devices have reportedly been hacked through the exploitation of the newly disclosed IOS XE zero-day vulnerability tracked as CVE-2023-20198.
Cisco warned customers on Monday that a critical IOS XE zero-day has been exploited by threat actors to gain elevated privileges on devices. The company is working on a patch and in the meantime it has urged customers to implement mitigations.
The vulnerability impacts the IOS XE web user interface, which is delivered with the default image, and it allows a remote, unauthenticated attacker to add level 15 access accounts that provide complete control over the targeted system.
https://www.securityweek.com/tens-of-thousands-of-cisco-devices-hacked-via-zero-day-vulnerability/