Cisco IOS XE devices with more than 42,000 vulnerable to exploitation, no remedy in sight
A critical zero-day vulnerability, CVE-2023-20198, has been identified in the Cisco IOS XE web interface. This flaw allows remote, unauthenticated attackers to gain control over a system, potentially escalating privileges and creating admin accounts.
According to the Cisco IOS XE 17.15.1 technical FAQs update, the expected release date for the patch addressing this vulnerability is around August 14, 2025. This software release, scheduled for roughly mid-August 2025, includes this vulnerability in its technical FAQs, suggesting that the patch or mitigation is included or closely aligned with this release.
No earlier patch date specific to CVE-2023-20198 has been noted in recent Cisco advisories or changelogs, reinforcing August 14, 2025 as the anticipated timeframe for remediation availability.
Security researchers have found nearly 42,000 exploited devices with a backdoor installed, although the exact nature of this backdoor is not specified. More than half of the 67,445 total hosts utilizing the Cisco web interface at the time were infected.
The highest number of infected devices was reported in the U.S. (4,659) and the Philippines (3,224), as of Tuesday. Emily Austin, a senior security researcher at Censys, stated that they've seen an increase in the number of infected devices each time they run a manual scan of known Cisco IOS XE Web UI devices.
Cisco officials are working to develop a patch for the vulnerability, but no existing workarounds are available. They have urged users to disable the HTTP Server feature on internet-facing systems as a temporary measure.
The impacted organizations appear to be telecommunications companies providing services mainly to small business organizations and remote business users. The evolving role of Chief Information Security Officers (CISOs) involves better understanding the risk calculus of their technology stacks and answering the question: Are we a target?
This news serves as a reminder for organizations using Cisco IOS XE software to plan to apply updates from the 17.15.1 release or later, expected from mid-August 2025, to mitigate this critical zero-day vulnerability. As always, it's crucial to stay vigilant and keep systems up-to-date to maintain security.
Cybersecurity experts should prioritize data-and-cloud-computing systems that utilize the Cisco IOS XE web interface, as the urgency for addressing the critical zero-day vulnerability, CVE-2023-20198, becomes imminent. With an anticipated patch release date on August 14, 2025, cybersecurity teams should prepare to apply updates from the 17.15.1 release or later to safeguard their systems from potential cybersecurity threats, emphasizing the importance of technology updates in maintaining cybersecurity.
