Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

    justmattgBy justmattgOctober 22, 2023No Comments3 Mins Read

    [ad_1]

    Oct 21, 2023NewsroomZero-Day / Vulnerability

    Cisco Zero-Day

    Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices.

    Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 (CVSS score: 10.0) as part of an exploit chain.

    “The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination,” Cisco said in an updated advisory published Friday. “This allowed the user to log in with normal user access.”

    Cybersecurity

    “The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system,” a shortcoming that has been assigned the identifier CVE-2023-20273.

    A Cisco spokesperson told The Hacker News that a fix that covers both vulnerabilities has been identified and will be made available to customers starting October 22, 2023. In the interim, it’s recommended to disable the HTTP server feature.

    While Cisco had previously mentioned that a now-patched security flaw in the same software (CVE-2021-1435) had been exploited to install the backdoor, the company assessed the vulnerability to be no longer associated with the activity in light of the discovery of the new zero-day.

    “An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. “Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.”

    Cybersecurity

    Successful exploitation of the bugs could allow attackers to gain unfettered remote access to routers and switches, monitor network traffic, inject and redirect network traffic, and use it as a persistent beachhead to the network due to the lack of protection solutions for these devices.

    The development comes as more 41,000 Cisco devices running the vulnerable IOS XE software are estimated to have been compromised by threat actors using the two security flaws, per data from Censys and LeakIX.

    “On October 19, the number of compromised Cisco devices has ebbed to 36,541,” the attack surface management firm said. “The primary targets of this vulnerability are not large corporations but smaller entities and individuals.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleEuropol Dismantles Ragnar Locker Ransomware Infrastructure, Nabs Key Developer
    Next Article Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑