cisco ios-xe CVE-2023-20273 is a vulnerability in Cisco IOS XE
Published on October 25, 2023

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Vendor Advisory NVD

Known Exploited Vulnerability

This Cisco IOS XE Web UI Unspecified Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Cisco IOS XE contains an unspecified vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

The following remediation steps are recommended / required by October 27, 2023: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to d

Vulnerability Analysis

CVE-2023-20273 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.2 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.


Products Associated with CVE-2023-20273

You can be notified by stack.watch whenever vulnerabilities like CVE-2023-20273 are published in these products:

Cisco IOS XE
 

What versions of IOS XE are vulnerable to CVE-2023-20273?

Each of the following must match for the vulnerability to exist.