A critical flaw in Cisco’s software has paved the way for mass exploitation of the company’s network devices.
Hackers have been spotted hijacking thousands of Cisco products, a day after the company warned customers about the vulnerability, which has received a 10 out of 10 score for severity.
The vulnerability, tracked as CVE-2023-20198, affects the Cisco IOS XE software, which runs on the company’s router, switch, and wireless controller products. The bug can allow a hacker to create an account on the affected Cisco device, giving them full system privileges, the company warned on Monday.
In some more bad news, Cisco has yet to release a patch to address the vulnerability. Nevertheless, the company issued the warning, noting that hackers are already exploiting the flaw. Currently, the only prevention measure is to disable the HTTP server feature on the Cisco software, effectively pulling the device off the open internet.
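As an added example (not from the original article or from Cisco), the following script audits a saved text export of a device's running configuration for the two conditions described above: the HTTP server feature still being enabled, and local accounts that are not on an expected list. The sample configuration, the account names and the function names are constructed for illustration.

```python
import re

# Constructed sample of an IOS XE running-config; not taken from any real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$constructed
username tmp_user_x privilege 15 secret 9 $9$constructed
!
ip http server
no ip http secure-server
!
line vty 0 4
 transport input ssh
"""

# Commands that turn on the web UI over HTTP and HTTPS respectively.
HTTP_FEATURES = ("ip http server", "ip http secure-server")


def audit_config(config_text, expected_users):
    """Return (enabled_http_features, unexpected_local_users) for one config."""
    enabled, users = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        # Exact match only, so the disabled form "no ip http server" is not counted.
        if line in HTTP_FEATURES:
            enabled.append(line)
        match = re.match(r"username\s+(\S+)", line)
        if match:
            users.append(match.group(1))
    unexpected = sorted(set(users) - set(expected_users))
    return enabled, unexpected


def report(config_text, expected_users):
    """Turn the audit result into human-readable findings."""
    enabled, unexpected = audit_config(config_text, expected_users)
    findings = [f"HTTP server feature enabled: '{cmd}' (mitigation: 'no {cmd}')"
                for cmd in enabled]
    findings += [f"Local account not in expected list: {user}" for user in unexpected]
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_CONFIG, expected_users={"netadmin"}):
        print(finding)
```

An account flagged here is only a lead for review: the expected list has to come from the organization's own records of who should have access.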
Since then, security researchers have been warning that tens of thousands of Cisco devices connected to the internet appear to be vulnerable. It now looks like many of them have already been taken over.
Security vendor VulnCheck has been tracking the threat since Cisco noted that hijacked devices will contain an implant to receive commands from the hackers. The same implant will respond if it receives a specific HTTP POST request. By tapping the implant, VulnCheck has found evidence that “thousands” of internet-facing Cisco IOS XE devices have been compromised.
“This is a bad situation, as privileged access on the IOS XE likely allows attackers to monitor network traffic, pivot into protected networks, and perform any number of man-in-the-middle attacks,” VulnCheck added. For example,