Home / Vulnerabilities / CVE-2023-20273
HIGH SEVERITY
CVE-2023-20273 Cisco · Cisco IOS XE Web UI

Cisco IOS XE Web UI Command Injection Vulnerability

Technical Severity

CVSS v3.1 Metrics

HIGH
7.2 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

92.38 %
Predictive Probability
Percentile Rank
99.7 th

Documented as more likely to be exploited than 99.7% of known CVEs.

Detection Date

Oct 23, 2023

Remediation Due

Oct 27, 2023

CISA Catalog Active

Threat Analysis

Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

Remediation Directive

Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

External Intelligence

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2023-20273