A vulnerability was identified in Cisco IOS XE. A remote could exploit this vulnerability to trigger elevation of privilege on the targeted system.
There were two elevation of privilege vulnerabilities identified. The first vulnerability is tracked under CVE-2023-20198 which allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system. Second vulnerability is tracked under CVE-2023-20273 allows the new local user to elevate privilege to root and write the implant to the file system through the web UI feature.
Apply fixes issued by the vendor by updating to the latest versions mentioned below:
The information provided herein is on an “as is” basis, without warranty of any kind.