Network Alerts

Cisco IOS XE Vulnerability

Posted by Eric Bronson - October 18, 2023 - Vulnerability, Cisco, IOS XE

About the Alert

A critical vulnerability was recently disclosed that affects Cisco IOS XE products. The consequences of this vulnerability may result in a remote, unauthenticated attacker to gain full administrator privileges. Specifics of the vulnerability can be found here. Please note that this vulnerability does NOT impact all Cisco products, only products running IOS XE.

Affected Products:
Catalyst Switches - 9000 series
Catalyst Wireless Controllers - 9800 series
Catalyst Access points - 9100 series
ASR 900 & 1000 series
NCS 4200 series
For a complete list, view Cisco IOS XE product list here.

Key Takeaways:

  • Critical severity
  • Actively exploited
  • Malicious actor(s) could gain full administrator privileges

Mitigating the Vulnerability

It is recommended to disable the HTTP server feature on an affected Internet facing device until a patch is released. If you utilize any of the affected products and would like assistance with assessing exposure or best go forward plan, please reach out to your SymQuest Account Executive.

Never miss a critical vulnerability alert

Stay in the know and receive a notification right to your inbox when a security message is posted.

Subscribe

Subscribe to receive Network Alerts

×