Unpatched Cisco devices in Australia are still falling prey to the sneaky BadCandy webshell—even after patches were released! What happens when hundreds of systems remain at risk despite warnings? Read more to find out.

https://thedefendopsdiaries.com/australia-warns-of-badcandy-infections-on-unpatched-cisco-devices/

#badcandy
#ciscosecurity
#cyberthreats
#networksecurity
#cve202320198

GitHub - W01fh4cker/CVE-2023-20198-RCE: CVE-2023-20198-RCE, support adding/deleting users and executing cli commands/system commands.

GitHub

Regarding the #Cisco #IOS XE web UI RCE vuln, I wanted to test a few things in a lab environment to help with forensics, detection, etc. But the software is #proprietary and it seems Cisco tries quite hard to make it inaccessible to anyone not paying them. So it's a challenge for #defenders to get some basic answers from a device they control and know is not compromised.

#vulnerability #CVE_2023_20198 #CVE202320198

Mass scanning a bit too hard for exposed #Cisco IOS XE got me a temporary block from #Hetzner.

Most devices in #Shodan seem implanted. Those not in Shodan not so much.

#vulnerability #CVE202320198 #RCE

#CensysResearch ran a scan this morning using an updated query, and we are now seeing 41,983 hosts with signs of being compromised by CVE-2023-20198 (that is up from 34,140 reported last night) Read the update: https://censys.com/cve-2023-20198-cisco-ios-xe-zeroday/

#threatResearch #vulnerability #CVE202320198 #zeroDay

CVE-2023-20198 - Cisco IOS-XE ZeroDay

Censys researchers examine exposure and exploitation of a critical zero day in Cisco's IOS XE Software Web UI

Censys

Some Rapid7 attacker behavior observations on Cisco IOS XE #CVE202320198 in our blog now. Most are similar to what Cisco Talos has seen. Multiple instances of exploitation in a single day, with slightly varied techniques, in one customer environment. https://www.rapid7.com/blog/post/2023/10/17/etr-cve-2023-20198-active-exploitation-of-cisco-ios-xe-zero-day-vulnerability/
Active Exploitation of Cisco IOS XE Zero-Day Vulnerability | Rapid7 Blog

On October 16, Cisco’s Talos group released a blog on an active threat campaign exploiting CVE-2023-20198, a zero-day vuln in Cisco IOS XE software.

Rapid7

Read our full analysis on the #Cisco IOS XE Web UI #zeroDay here: https://censys.com/cve-2023-20198-cisco-ios-xe-zeroday/

As of last night, we're seeing over 34k devices that appear to be compromised...

The #CensysResearch team is continuing to monitor exposure and devices with signs of compromise.

#threatResearch #vulnerability #CVE202320198 #zeroDay

🚨 Our team at Censys is rolling out a new label for #Cisco IOS XE Web UI services in response to CVE-2023-20198:
"labels=cisco-xe-webui"

As of tonight, we're seeing over 34K devices that appear to be compromised.

➡️ Read our full report here:
https://censys.com/cve-2023-20198-cisco-ios-xe-zeroday/

➡️ Find devices on Censys Search: https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=labels%3D%60cisco-xe-webui%60

#CensysResearch #threatResearch #vulnerability #CVE202320198 #zeroDay

Go mitigate your #Cisco IOS XE routers right now. There's a #0day being exploited since September. You'll also need to assess if they are already compromised or not. What a mess.

https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

#vulnerability #CVE202320198 #RCE

Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

Cisco has identified active exploitation of two previously unknown vulnerabilities in the Web User Interface (Web UI) feature of Cisco IOS XE software - CVE-2023-20198 and CVE-2023-20273 - when exposed to the internet or untrusted networks.

Cisco Talos Blog