Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).
The guidance now notes that Cisco has fixed these vulnerabilities for the 17.3 Cisco IOS XE software release train with version 17.3.8a. CISA urges organizations to immediately apply necessary updates.
CISA urges organizations to review:
- CISA’s updated guidance
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
- Cisco Talos Threat Advisory: Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities