The Cyber Security News

Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

October 21, 2023

Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices.

Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 as part of an exploit chain.

“The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination,” Cisco said in an updated advisory released Friday. “This allowed the user to log in with normal user access.”

“The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system,” a shortcoming that has been assigned the identifier CVE-2023-20273.

A Cisco spokesperson told The Hacker News that a fix that addresses both vulnerabilities has been identified and will be made available to customers starting Oct 22, 2023. In the interim, it is recommended to disable the HTTP server feature.
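
An added example, not taken from Cisco's advisory or from the original article: a small audit of a saved IOS XE running-config for the two conditions the report describes, the web UI HTTP server still being enabled and local privilege 15 accounts that nobody expects. The sample config, the account names and the `expected_admins` allowlist are constructed for illustration.

```python
import re

# Constructed sample of a saved running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$constructed
username svc_backup privilege 1 secret 9 $9$constructed
username tmp_user1 privilege 15 secret 9 $9$constructed
!
ip http server
no ip http secure-server
ip http authentication local
!
line vty 0 4
 transport input ssh
"""

# Matches only the two service toggles, with or without a leading "no".
HTTP_RE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)\s+.*?\bprivilege\s+(\d+)\b")


def audit_config(config_text, expected_admins):
    """Return (enabled_http_services, unexpected_priv15_users).

    Only explicit statements are evaluated; a config that omits the
    HTTP lines entirely is reported as having none enabled.
    """
    http_state = {}
    unexpected = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = HTTP_RE.match(line)
        if m:
            # A "no" prefix means the service is disabled.
            http_state[m.group(2)] = m.group(1) is None
            continue
        m = USER_RE.match(line)
        if m and int(m.group(2)) == 15 and m.group(1) not in expected_admins:
            unexpected.append(m.group(1))
    enabled = sorted(svc for svc, on in http_state.items() if on)
    return enabled, unexpected


if __name__ == "__main__":
    enabled, unexpected = audit_config(SAMPLE_CONFIG, {"netadmin"})
    print("HTTP services still enabled:", enabled or "none")
    print("Unexpected privilege 15 accounts:", unexpected or "none")
```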

Although Cisco had previously stated that a now-patched security flaw in the same software had been exploited to install the backdoor, the company assessed the vulnerability to be no longer associated with the activity in light of the discovery of the new zero-day.

“An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. “Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.”

Successful exploitation of the bugs could allow attackers to gain unfettered remote access to routers and switches, monitor network traffic, inject and redirect network traffic, and use the device as a persistent beachhead to the network due to the lack of protection solutions for these devices.

The development comes as more than 41,000 Cisco devices running the vulnerable IOS XE software are estimated to have been compromised by threat actors using the two security flaws, per data from Censys and LeakIX.

“On Oct 19, the number of compromised Cisco devices has ebbed to 36,541,” the attack surface management firm said. “The primary targets of this vulnerability are not large corporations but smaller entities and individuals.”

Some parts of this article are sourced from:
thehackernews.com
