Alert - Vulnerability impacting Cisco devices (CVE-2023-20198) - Update 2
On October 16, 2023, Cisco reported that a critical, 0-day privilege escalation vulnerability in the web UI interface of routers, switches and wireless controllers running IOS XE are being remotely exploited to gain privileged access. This vulnerability is tracked under CVE-2023-20198 and has the maximum security CVSS rating of 10.0. Open source is reporting that thousands of online, vulnerable devices have been compromised. This Alert is being published to raise awareness of this activity, highlight the potential impact to organizations and to provide guidance for organizations who may be impacted by this malicious activity.
Reference 6: Shadowserver IOS XE post