Due to a serious security vulnerability in its IOS XE operating system, tens of thousands of Cisco routers and switches are at risk. The leak concerns the devices’ web interface, through which attackers can gain full admin rights. According to vulnerability detection service LeakIx, 30 thousand Internet-connected Cisco devices may have already been compromised by the zero-day CVE-2023-20198 vulnerability. Internet census providers such as Shodan estimate that approximately 150,000 Cisco IOS XE devices are currently exposed to the Internet. The German Federal Office for Information Security (BSI) classifies the threat situation as level 2 (IT threat situation with increased observation of anomalies with temporary impairment of regular operations).
There is currently no patch for the security vulnerability. You can find out what effects the security vulnerability can have as well as all the technical background in the TechTalk article from SECUINFRA . Affected products include enterprise switches, wireless controllers, access points and a wide range of router products, such as those in the Catalyst, ASR, CSR, CBR, ISR, IR and NCS series, according to Cisco documentation. If companies suspect that they have already been compromised, we recommend an analysis by our Compromise Assessment .
