Cisco releases patches for the second security vulnerability in IOS XE
October 24, 2023
Investigations into an exploited zero day in the web UI of Cisco IOS XE software have uncovered a new vulnerability. The company has since released several patches.
A week ago, a zero-day vulnerability in Cisco IOS XE that has been actively exploited since September was discovered. While investigating it, the Cisco team found a second vulnerability, also in the IOS XE software. The company has now released patches for both issues.
An accident never comes alone
The new vulnerability is tracked as CVE-2023-20273 and has a CVSS score of 7.2, making it less critical than the first zero-day. Attackers went through another web UI component to access the file system as a new local user.
The updated planning code
Both vulnerabilities are being monitored by the Cisco team. The company has also put together an advisory page for the two vulnerabilities.
The released patches are included in the updates to version 17.9, which is now available. As with the first vulnerability, Cisco recommends disabling the HTTP/S server on systems exposed to the Internet.
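One way to check a fleet against that recommendation is to audit saved running-configs for the IOS XE `ip http server` and `ip http secure-server` commands. The following is an added example, not code from Cisco or from this article; the hostnames, the Internet-facing flags and the sample configs are constructed for illustration.

```python
import re

# Matches "ip http server" / "ip http secure-server", optionally negated with "no".
_HTTP_LINE = re.compile(r"^(no\s+)?ip\s+http\s+(server|secure-server)\s*$")


def http_server_state(config_text):
    """Return the state of the HTTP and HTTPS servers in a saved config.

    Each value is "enabled", "disabled", or "unspecified" when the config
    carries no explicit line (the default then depends on the platform).
    """
    state = {"server": "unspecified", "secure-server": "unspecified"}
    for raw in config_text.splitlines():
        match = _HTTP_LINE.match(raw.strip())
        if match:  # the last matching line wins, as it would on the device
            state[match.group(2)] = "disabled" if match.group(1) else "enabled"
    return state


def audit(devices):
    """Return (hostname, finding) pairs for Internet-facing devices.

    `devices` maps hostname -> (internet_facing, config_text).
    """
    findings = []
    for host, (internet_facing, config_text) in sorted(devices.items()):
        if not internet_facing:
            continue  # the recommendation targets Internet-exposed systems
        for service, status in http_server_state(config_text).items():
            if status == "enabled":
                findings.append((host, f"ip http {service} is enabled; apply 'no ip http {service}'"))
            elif status == "unspecified":
                findings.append((host, f"ip http {service} not stated; verify on the device"))
    return findings


# Constructed sample configs (hypothetical hostnames, not from the article).
SAMPLE = {
    "edge-rtr-01": (True, "hostname edge-rtr-01\n!\nip http server\nip http secure-server\n"),
    "edge-rtr-02": (True, "hostname edge-rtr-02\n!\nno ip http server\nno ip http secure-server\n"),
    "edge-rtr-03": (True, "hostname edge-rtr-03\n!\nno ip http server\n"),
    "core-sw-01": (False, "hostname core-sw-01\n!\nip http server\n"),
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE):
        print(f"{host}: {finding}")
```

A device with no explicit line is reported for manual verification, not assumed safe, because the default state of the web server differs between platforms.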
Last month, Cisco expanded its security by acquiring cybersecurity company Splunk. It was the company’s most expensive purchase to date.
As an experienced journalist and author, Mary has been reporting on the latest news and trends for over 5 years. With a passion for uncovering the stories behind the headlines, Mary has earned a reputation as a trusted voice in the world of journalism. Her writing style is insightful, engaging and thought-provoking, as she takes a deep dive into the most pressing issues of our time.