Patch Coming for Cisco IOS XE Software Vulnerabilities, Exploitations Mount

The patch should be available to customers next week.

Edward Gately, Senior News Editor

October 20, 2023

2 Min Read
Patch downloading

Cisco has identified a patch to a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software.

Cisco reported active exploitation of the vulnerability earlier this week. Through its ongoing investigation, it uncovered the attacker combined two vulnerabilities to bypass security measures, the first for initial access and the second to elevate privilege once authenticated.

Cisco estimates initially releasing the patch that covers both vulnerabilities to customers starting Oct. 22. However, there are actions customers can take immediately.

Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems or restrict its access to trusted source addresses.

Web UI is an embedded graphical user interface (GUI)-based system-management tool that provides the ability to provision the system, to simplify system deployment and manageability, and to enhance the user experience. It comes with the default image, so there is no need to enable anything or install any license on the system. Web UI can be used to build configurations, as well as to monitor and troubleshoot the system without command line interface (CLI) expertise.

Cisco IOS XE Systems Compromised

Earlier this week, researchers at VulnCheck performed an internet scan and identified more than 10,000 compromised Cisco IOS XE systems that had been implanted with the unidentified threat actor(s) remote access tools.

According to, attackers with this type of unfettered remote access to a network device could take the following actions with associated impacts:

  • Monitor network traffic – eavesdropping on privileged network communications.

  • Inject and redirect network traffic – exposing the enterprise to man-in-the-middle attacks.

  • Breach protected network segments.

  • Utilize it as a persistent beachhead to the network as there is a lack of detection/protection solutions for these devices and they can often go overlooked during patch cycles until a disruption to user activity is noticed.

Foster-Josh_horizonai.jpg’s Josh Foster Attack Team technical manager Josh Foster said the active exploitation of this vulnerability “demonstrates the relentless efforts by malicious actors to exploit system weaknesses, making it imperative for organizations to apply immediate patches and also have a long-term, sustainable cybersecurity strategy in place.”

“Regularly monitoring system logs for unusual activities, training staff to recognize potential threats, having an incident response plan ready, and subscribing to a routine of frequent internal and external penetration testing are some of the key steps in creating a resilient cybersecurity infrastructure,” he said.

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like