Emerging Threats Vulnerabilities

Patch for Cisco Zero Day Bug to Become Available Oct. 22

Image source: Shutterstock Company’s investigation shows attackers actually leveraged two previously unknown bugs, not one, as assumed. There are two important new developments around CVE-2023-20198, the widely exploited zero-day bug in the web UI of Cisco’s IOS EX software. Two 0-Day Bugs, Not One The first is, Cisco’s investigation into the recent widespread attacks targeting […]

Read More
Breaches Emerging Threats Vulnerabilities

Cisco Recommends Orgs Apply Access Lists to HTTPS Server Feature in IOS XE to Mitigate New 0-Day Threat

Image source: : Shutterstock One security vendor says adversary has used bug to infect thousands of IOS XE devices with an implant for remote code execution. Organizations can protect against the zero-day bug that Cisco disclosed in its IOS XE operating system Monday by restricting access to its HTTP Server feature from untrusted hosts and […]

Read More
Breaches Vulnerabilities

Actively Exploited Zero-Day Bug in Cisco IOS XE Gives Attackers Total Admin Access to Affected Devices

Image source: Shutterstock Cisco recommends that customers immediately disable HTTPS Server feature on all Internet-facing devices running the operating system till a fix or other workaround becomes available. An unknown threat actor is actively exploiting a zero-day vulnerability in the web user interface of Cisco’s IOS XE operating system to drop an implant for arbitrary […]

Read More