home.social

#iosxe — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #iosxe, aggregated by home.social.

  1. 🚨 #Cisco #IOSXE #CVE-2023-20198 #CVE-2023-20273

    It's been a while, exploit activity has decreased || mostly consists of Auth Bypass + simple recon.

    However, we recently found a new version of the Implant 👀 No clear #attribution for now, original TA or copycat? #IoC ⬇️

    Since the MO and Implant code of the original TA are widely known by now we can't tie it to them confidently.
    What stands out in this case:
    1. new path (84c8bc4.html) + 404 return
    2. separation of the Implant delivery and C2 infra:

    138.122.193[.]157📥
    134.122.75[.]64📣

    The commands issued during the Implant delivery stayed the same for the most part, although now the attacker calculated SHA-1 hashsums of dropped files to read back and verify their integrity.

    /var/www/f099.css
    /tmp/pvp_coco
    /tmp/pvp_wd_run

    Did anyone spot similar activity? We'd love to hear from you!

    Thanks for reading today's thread 🍪

    #infosec #cybersecurity #cyberdefense #blueteam

  2. 🚨 #Cisco #IOSXE #CVE-2023-20198 #CVE-2023-20273

    We updated our #IoC for exploit attempts that hit our honeypot. You can find them on #GitHub: github.com/SIFalcon/research/b

    Based on modus operandi and infrastructure we managed to cluster certain attacking hosts togehter ⬇️

    We also saw new traffic to the Implant, this time from 107.175.229[.]142, again via the user "cisco_support". Executed recon commands include:

    show ip interface brief
    show ip dns view
    show ip name-servers

    #infosec #cybersecurity #cyberdefense

  3. #Verpasstodon

    Cisco IOS XE und die verschwundenen Hintertüren

    Die Anzahl der offensichtlich kompromittierten Geräte ist auch in Deutschland schlagartig gefallen, was wohl kaum an den gerade erschienenen Patches liegt.

    heise.de/news/Cisco-IOS-XE-und

    #Cisco #IOSXE #Security

  4. 🚨 #Cisco #IOSXE #CVE-2023-20198 #CVE-2023-20273

    Patience is a virtue 🙂

    We can confirm: New activity from IP 192.3.101[.]111 today. Our HPs 🍯 show exploit attempts on clean appl. + Implant usage e.g. "show ver" for recon.

    Happy to share PCAPs, TLP:💛 ➡️ DM.
    cc @ET_Labs

    #cybersecurity #infosec

  5. New Cisco IOS XE zero day vulnerability has been disclosed as CVE-2023-20198.

    This vulnerability is being actively exploited with thousands of Cisco IOS XE devices being breached.

    This vulnerability has a CVSS score of 10/10 and affects any Cisco IOS XE devices with HTTP/HTTPS service enabled & is Internet facing. Successful exploitation by the attacker could allow them to create admin-level accounts & take over the network.

    https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/

    #infosec #cybersecurity #Cisco #IOSXE #CVE_2023_20198 #zeroday

  6. "🚨 Critical Vulnerability in Cisco IOS XE Software Web UI! 🚨"

    Cisco has identified a critical privilege escalation vulnerability in the web UI feature of Cisco IOS XE Software. If exposed to the internet or untrusted networks, this flaw allows remote, unauthenticated attackers to create an account with privilege level 15 access, potentially gaining control of the affected system. 🕸️💻

    Cisco is actively aware of the exploitation of this vulnerability. The issue was discovered during the resolution of multiple Cisco TAC support cases. There are currently no workarounds available. However, Cisco recommends disabling the HTTP Server feature on all internet-facing systems as a precautionary measure. 🚫🌐

    For more details and to check if your system might be affected, visit the official advisory: Cisco Security Advisory

    Tags: #Cisco #IOSXE #WebUI #Vulnerability #PrivilegeEscalation #CyberSecurity #InfoSec #PatchNow 🛡️🔐

  7. Updates beseitigen eine lokale Angriffsmöglichkeit mit hoher Risiko-Einstufung. Weitere Aktualisierungen schließen "Medium"-Lücken in anderen Cisco-Produkten.
    Cisco: Schwachstelle in IOS XE (SD-WAN) macht mehrere Produkte angreifbar
  8. Der Netzwerkausrüster hat jede Menge Sicherheitslücken geschlossen. Erfolgreiche Attacken können gefährliche Auswirkungen haben.
    Sicherheitsupdates: Kritische Admin-Lücke mit Höchstwertung bedroht Cisco-Geräte
  9. Admins aufgepasst: Vor dem Start ins Wochenende warten noch Updates für IOS und IOS XE, die insgesamt 34 Schwachstellen mit hoher Risikoeinstufung schließen.
    Security-Updatepaket für Ciscos Netzwerkbetriebssysteme IOS und IOS XE