Cisco.IOS.XE.Web.UI.Backdoor

Description

This indicates that a connection to or scanning of a backdoor on Cisco Systems IOS XE was detected in the network.
The backdoor allows a remote attacker to execute arbitrary console commands by sending a crafted HTTP POST request to the victim. The method through which it is installed is tracked as CVE-2023-20198.

Outbreak Alert

Active exploitation of previously unknown vulnerabilities in the Web User Interface (Web UI) of Cisco IOS XE software has been observed where the Web UI is exposed to the internet or untrusted networks. According to open source articles, thousands of vulnerable devices have been compromised.

Affected Products

Cisco Systems IOS XE with Web UI enabled

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently, we are unaware of any vendor-supplied patch for this issue. Monitor the vendor advisory for any patch update.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date        Version  Detail
2023-10-24  25.663   Default_action:pass:drop
2023-10-19  25.661