Cisco users have been advised to disable the web UI feature on all internet-facing devices immediately after the company disclosed a critical zero-day vulnerability in its IOS XE software that is being actively exploited in the wild.<\/p>\n
The vulnerability, CVE-2023-20198, allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access, essentially giving them complete control of the device.<\/p>\n
Cisco says the flaw affects physical and virtual devices running its IOS XE software, with the HTTP or HTTPS Server feature turned on. The networking giant hasn’t published a full list of devices that are at risk.<\/p>\n
Also, there’s no patch or workaround. Hence, Cisco “strongly recommends” that customers disable this feature on all internet-facing systems. This also echoes guidance from the U.S. Cybersecurity and Infrastructure Security Agency on how to mitigate risk from internet-exposed management interfaces.<\/p>\n
“To disable the HTTP Server feature, use the no ip http server or no ip http secure-server command in global configuration mode,” Cisco\u2019s advisory recommends . “If both the HTTP server and HTTPS server are in use, both commands are required to disable the HTTP Server feature.”<\/p>\n