CISA Adds Exploited Cisco Vulnerabilities to KEV Catalog
The US Cybersecurity and Infrastructure Security Agency (CISA) has added two Cisco vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling that they are being actively exploited by threat actors. The two flaws, identified as CVE-2023-20198 and CVE-2021-1435, affect different Cisco products and present significant security risks to organizations. CISA has issued a directive for federal agencies to apply the necessary patches to mitigate these threats.
Details on CVE-2023-20198: IOS XE Zero-Day Flaw
The first vulnerability, CVE-2023-20198, is a critical privilege escalation flaw discovered in the web user interface of Cisco’s IOS XE software. This flaw was part of a zero-day campaign, meaning it was exploited before a patch was available. The vulnerability allows a remote, unauthenticated attacker to create an account on an affected device with full administrator privileges. With this level of access, an attacker can gain complete control over the system. Cisco released a patch for this vulnerability in late October 2023, following reports that thousands of devices had been compromised globally.
Details on CVE-2021-1435: Prime License Manager Vulnerability
The second vulnerability, CVE-2021-1435, is a command injection flaw within the web user interface of the Cisco Prime License Manager (PLM). This flaw allows an authenticated attacker with administrative privileges to execute arbitrary commands on the underlying operating system with root privileges. While this vulnerability requires the attacker to first be authenticated, it is still classified as a critical security issue. Cisco addressed and patched this vulnerability in 2022. Its inclusion in the KEV catalog confirms it is now being actively used in attacks.
In response to the active exploitation of these vulnerabilities, CISA has set a patching deadline of December 26, 2023, for all Federal Civilian Executive Branch (FCEB) agencies. This directive also serves as a strong advisory for all public and private organizations to prioritize patching their vulnerable Cisco systems to prevent compromise.