Cisco Zero-Day Exploited to Implant Malicious Lua Backdoor on Thousands of Devices

October 21, 2023

Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices.

Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 as part of an exploit chain.

“The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination,” Cisco said in an updated advisory released Friday. “This allowed the user to log in with normal user access.”

“The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system,” a shortcoming that has been assigned the identifier CVE-2023-20273.

A Cisco spokesperson told The Hacker News that a fix that addresses both vulnerabilities has been identified and will be made available to customers starting Oct 22, 2023. In the interim, it is recommended to disable the HTTP server feature.
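
As an added example (not from Cisco's advisory or the original article), one way to check a saved IOS XE running-config for the two conditions described above: the web UI HTTP/HTTPS server still enabled, and privilege-15 local users that are not on your own allowlist. The sample config, the usernames and the `known_admins` allowlist are constructed for illustration.

```python
import re

# Constructed sample of a saved running-config (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netadmin privilege 15 secret 9 $9$constructed
username helpdesk privilege 1 secret 9 $9$constructed
username tmp_user01 privilege 15 secret 9 $9$constructed
!
ip http server
no ip http secure-server
ip http authentication local
!
"""

HTTP_RE = re.compile(r"^(no\s+)?ip http (server|secure-server)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)\s+(.*)$")
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)\b")


def audit_config(text, known_admins):
    """Return the web UI listeners that are enabled and the privilege-15
    local users that are not on the operator's allowlist."""
    enabled = set()
    unknown_priv15 = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HTTP_RE.match(line)
        if m:
            # A "no ip http ..." line disables the listener; the bare form enables it.
            (enabled.discard if m.group(1) else enabled.add)(m.group(2))
            continue
        m = USER_RE.match(line)
        if m:
            priv = PRIV_RE.search(m.group(2))
            if priv and priv.group(1) == "15" and m.group(1) not in known_admins:
                unknown_priv15.append(m.group(1))
    return {"http_enabled": sorted(enabled), "unknown_priv15": unknown_priv15}


if __name__ == "__main__":
    # known_admins is the operator's own list of expected administrators.
    print(audit_config(SAMPLE_CONFIG, known_admins={"netadmin"}))
```

Any account reported under `unknown_priv15` is a candidate for review against change records, not proof of compromise.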

Although Cisco previously stated that a now-patched security flaw in the same software had been exploited to install the backdoor, the company assessed the vulnerability to be no longer associated with the activity in light of the discovery of the new zero-day.

“An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said. “Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.”

Successful exploitation of the bugs could allow attackers to gain unfettered remote access to routers and switches, monitor network traffic, inject and redirect network traffic, and use the device as a persistent beachhead into the network due to the lack of protection solutions for these devices.

The development comes as more than 41,000 Cisco devices running the vulnerable IOS XE software are estimated to have been compromised by threat actors using the two security flaws, per data from Censys and LeakIX.

“On Oct 19, the number of compromised Cisco devices has ebbed to 36,541,” the attack surface management firm said. “The main targets of this vulnerability are not big corporations but smaller entities and individuals.”

Some parts of this article are sourced from:
thehackernews.com
