A previously unknown vulnerability (CVE-2023-20198) affecting networking devices running Cisco IOS XE software is being exploited by a threat actor to take control of the devices and install an implant, Cisco Talos researchers have warned today. About CVE-2023-20198 CVE-2023-20198 is a privilege escalation vulnerability in the web UI feature of Cisco IOS XE software, which is installed on various Cisco controllers, switches, edge, branch and virtual routers. The web UI is an embedded GUI-based tool … More

The post Cisco IOS XE zero-day exploited by attackers to deliver implant (CVE-2023-20198) appeared first on Help Net Security.