Warning Against Cisco IOS XE Software Web UI Vulnerabilities (CVE-2023-20198, CVE-2023-20273) Posted By ryushsh , October 30, 2023 Overview This month, Cisco released a security advisory regarding two vulnerabilities currently being actively exploited in actual attacks: CVE-2023-20198 and CVE-2023-20273. These vulnerabilities are present in the web UI feature of Cisco IOS XE Software. The CVE-2023-20198 vulnerability allows an unauthorized threat actor to create an arbitrary account with level 15 privileges, which is the highest level of access permission possible, and take control over the system. The CVE-2023-20273 vulnerability allows command injection which enables malicious content to be written…
