Components Affected
Overview
A vulnerability was identified in Cisco IOS XE. A remote could exploit this vulnerability to trigger elevation of privilege on the targeted system.
Description
There were two elevation of privilege vulnerabilities identified. The first vulnerability is tracked under CVE-2023-20198 which allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. Second vulnerability is tracked under CVE-2023-20273 allows the new local user to elevate privilege to root and write the implant to the file system through the web UI feature.
Impact
Solution/ Workarounds
Apply fixes issued by the vendor by updating to the latest versions mentioned below:
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.