This alert is intended for IT teams who manage router and networking switch configurations for organisations.
Background / What has happened?
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of reports of active exploitation of a previously unknown (“zero day”) vulnerability in the web user interface (UI) feature of Cisco IOS XE Software (CVE-2023-20198).
Exploitation of this vulnerability could allow a remote, unauthenticated user to create a highly privileged account on the vulnerable system, allowing them to take control of the system.
The ASD’s ACSC is aware of successful exploitation attempts against Australian organisations at this time.
Mitigation / How do I stay secure?
Patches are now available for some affected versions.
All Australian organisations using the web UI feature of Cisco IOS XE Software are strongly encouraged to patch affected systems where possible, or follow the recommendations detailed in Cisco’s security advisory until a patch is made available.
Cisco reports active exploitation of this vulnerability and has published indicators of compromise to assist system owners in investigating for signs of malicious activity.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations or individuals that have been impacted or require assistance can contact us via 1300 CYBER1 (1300 292 371).