Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Australian Cyber Security Centre releases critical alert over Cisco IOS XE vulnerability

The flaw could lead to a remote takeover of a system, the ACSC warns.

user icon David Hollingworth
Tue, 17 Oct 2023
Australian Cyber Security Centre releases critical alert over Cisco IOS XE vulnerability
expand image

The critical alert was released on 17 October and impacts the company’s Cisco IOS XE, a Linux-based distributed software architecture that runs on a number of Cisco switches and routers.

The vulnerability exists in the software’s web user interface and could lead to an unauthenticated, remote user creating a “highly privileged account”, in turn allowing them to take control of the entire system.

At the moment, there is no patch or workaround available.

============
============

“Cisco strongly recommends that customers disable the HTTP Server feature on all internet-facing systems,” Cisco said in its vulnerability update, which also includes instructions for how to disable “all internet-facing systems” on an affected HTTP server.

The ACSC is warning of active exploitation of the vulnerability in the wild, though so far, the agency is unaware of it being exploited locally.

“Cisco reports active exploitation of this vulnerability and has published indicators of compromise to assist system owners in investigating for signs of malicious activity,” the ACSC said in its alert.

“The ACSC is monitoring the situation and is able to provide assistance and advice as required.”

Any individuals or organisations affected by the vulnerability should call 1300 CYBER1.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.