Cisco.IOS.XE.Web.UI.Backdoor
Description
This indicates that a connection to or scanning of a backdoor on Cisco Systems IOS XE was detected in the network.
The backdoor allows a remote attacker to execute arbitrary console commands by sending a crafted HTTP POST request to the victim. The method through which it is installed is tracked as CVE-2023-20198.
Outbreak Alert
Previously unknown vulnerabilities in the Web User Interface (Web UI) of Cisco IOS XE software are being actively exploited on devices whose Web UI is exposed to the internet or untrusted networks. According to open source articles, thousands of vulnerable devices have been compromised.
Affected Products
Cisco Systems IOS XE with Web UI enabled
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently, we are unaware of any vendor-supplied patch for this issue. Monitor the vendor advisory for any patch update.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
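To find which devices match the affected condition above (IOS XE with Web UI enabled), saved running-configs can be audited offline. The script below is an added example, not code from this advisory or from Cisco. It assumes the standard IOS XE `ip http server`, `ip http secure-server` and `active-session-modules` commands appear explicitly in the saved configuration; the hostnames and config excerpts are constructed.

```python
import re

# Constructed sample running-config excerpts (not taken from any real device).
SAMPLE_CONFIGS = {
    "edge-rtr-1": "hostname edge-rtr-1\nip http server\nip http secure-server\n",
    "core-sw-1": "hostname core-sw-1\nno ip http server\nno ip http secure-server\n",
    "branch-rtr-7": (
        "hostname branch-rtr-7\n"
        "ip http server\n"
        "ip http active-session-modules none\n"
        "no ip http secure-server\n"
    ),
}


def webui_exposure(running_config: str) -> dict:
    """Report which Web UI listeners (HTTP/HTTPS) a running-config leaves usable."""
    # Normalise whitespace so indentation or double spaces do not hide a match.
    lines = {re.sub(r"\s+", " ", ln.strip()) for ln in running_config.splitlines()}
    http = "ip http server" in lines            # "no ip http server" does not match
    https = "ip http secure-server" in lines
    # With "active-session-modules none" the listener stays up but serves
    # no Web UI modules, so that transport is not counted as enabled.
    http_ui = http and "ip http active-session-modules none" not in lines
    https_ui = https and "ip http secure-active-session-modules none" not in lines
    return {"http": http_ui, "https": https_ui, "enabled": http_ui or https_ui}


def audit(configs: dict) -> list:
    """Return the sorted hostnames whose configuration has the Web UI enabled."""
    return sorted(h for h, cfg in configs.items() if webui_exposure(cfg)["enabled"])


if __name__ == "__main__":
    for host in audit(SAMPLE_CONFIGS):
        print(f"{host}: Web UI enabled; check exposure to untrusted networks")
```

A device the script flags still needs a check of whether its Web UI is reachable from the internet or untrusted networks, which the configuration text alone does not show.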
Coverage
IPS (Regular DB)
IPS (Extended DB)