This indicates that a connection to or scanning of a backdoor on Cisco Systems IOS XE was detected in the network.
The backdoor allows a remote attacker to execute arbitrary console commands by sending a crafted HTTP POST request to the victim. The method through which it is installed is tracked as CVE-2023-20198.

description-logoOutbreak Alert

Active exploitation of a previously unknown vulnerabilities in the Web User Interface (Web UI) of Cisco IOS XE software when exposed to the internet or untrusted networks. According to open source articles, thousands of vulnerable devices have been compromised.

View the full Outbreak Alert Report

affected-products-logoAffected Products

Cisco Systems IOS XE with Web UI enabled

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently, we are unaware of any vendor supplied patch for this issue. Monitor the vendor advisory for any patch update.

Telemetry logoTelemetry


IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-10-24 25.663 Default_action:pass:drop
2023-10-19 25.661