You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
On October 16th, Cisco disclosed an authentication bypass vulnerability affecting Cisco IOS-XE appliances with CVE-IDCVE-2023-20198. An unknown threat actor is actively placing implants on the vulnerable appliances worldwide. This is a serious situation as implants allow threat actors to monitor traffic, gain access to the underlying system and pivot into protected networks. For additional guidance, please find the Cisco PSIRT advisory at the bottom of this page.
On October 16th, Cisco disclosed an authentication bypass vulnerability affecting Cisco IOS-XE appliances with CVE-IDCVE-2023-20198. An unknown threat actor is actively placing implants on the vulnerable appliances worldwide. This is a serious situation as implants allow threat actors to monitor traffic, gain access to the underlying system and move into protected networks. For additional guidance, please find the Cisco PSIRT advisory at the bottom of this page.
## Recommendations
Given that no patch is yet available, disable HTTP(S) access to any management interfaces if possible. If HTTP(S) access is required, implement an Access Control List to limit access.
No patch is currently available, therefore disable HTTP(S) access to any management interfaces if possible. If HTTP(S) access is required, implement an Access Control List to limit access.
