Cisco Releases First In Series Of Patches For IOS XE Vulnerabilities

The tech giant says one software release has been fixed to address a critical vulnerability, as well as a second zero-day flaw, which together have been widely exploited in attacks.


Cisco has released the first in a series of patches to address a critical IOS XE vulnerability that’s been widely exploited in attacks.

“The first fixed software releases have been posted on Cisco Software Download Center,” the company said in an update to its advisory Sunday.

The advisory lists three additional versions of IOS XE that will be patched in future updates. The expected dates for the next patches to roll out have not been disclosed.

Researchers said tens of thousands of IOS XE devices were compromised in the attacks last week.

The patch addresses both the critical privilege-escalation vulnerability and a second zero-day flaw that has a much lower severity rating but has still played a role in the attacks, according to Cisco.

“Through ongoing investigation, we uncovered the attacker combined two vulnerabilities to bypass security measures (the first for initial access and the second to elevate privilege once authenticated),” Cisco said in a statement provided to CRN Friday.

First disclosed Oct. 16 by Cisco as a zero-day vulnerability, the original flaw enables a malicious actor to “gain initial access and issued a privilege 15 command to create a local user and password combination,” the company said in its advisory. “This allowed the user to log in with normal user access.”

The vulnerability (tracked as CVE-2023-20198) has been awarded the maximum severity rating, 10.0 out of 10.0.

The second vulnerability, tracked as CVE-2023-20273, has received a severity rating of 7.2 out of 10.0, Cisco said. Utilizing the flaw, “the attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system,” the company said.

Along with widely used enterprise switches in the Cisco Catalyst 9000 line, IOS XE also is used to run numerous other types of devices, many of which often run in edge environments. Those include branch routers, industrial routers and aggregation routers, as well as Catalyst 9100 access points and “IoT-ready” Catalyst 9800 wireless controllers.