Cisco’s recently disclosed Web UI zero-day vulnerability has now been confirmed to have compromised over 40,000 hosts, with a significant share of the affected devices located in the United States.
Following the disclosure of Cisco’s Web UI privilege escalation vulnerability, known as CVE-2023-20198, cybersecurity research firm Censys has been closely monitoring the situation. According to their findings, the number of compromised devices has slightly decreased on October 19 after experiencing significant increases in the previous two days.
Censys addressed the ongoing compromises in a blog post, stating, “In the past 24 hours since our last update, there’s both promising and concerning news. While the initial surge of compromises appears to have diminished, we’re now grappling with a substantial number of compromised routers.”
On October 16, Cisco issued an advisory for a high-severity vulnerability in the web UI feature of devices running IOS XE software. The vulnerability allows unauthenticated privilege escalation and was already being actively exploited in the wild at the time of disclosure.
Censys’ research identified a total of 36,541 actively infected devices as of October 19. Within a 24-hour period, approximately 5,400 devices were taken offline or had their web UI feature disabled as a precautionary measure.
The impact of this vulnerability has been felt across multiple countries, including the United States, the Philippines, Mexico, Chile, and India. On October 18, 6,509 affected hosts were reported in the US, a nearly 40% increase over the 4,659 devices reported the previous day. The Philippines followed with 3,966 and 3,224 devices on those respective days.
The growing number of compromised devices is a cause for concern, as it highlights the extensive reach and potential damage of this zero-day vulnerability. With over 40,000 infected hosts, it is evident that immediate action is necessary to mitigate further risks and secure vulnerable systems.
Cisco has been actively working on the issue since its discovery and has released patches and recommendations to help users protect their systems from exploitation. However, the continued rise in compromised devices calls for increased vigilance and urgency in applying these security measures.
The United States and the Philippines are particularly impacted by this vulnerability, with a significant number of compromised devices located in these countries. It is crucial for organizations and individuals in these regions to be aware of the threat and take necessary steps to secure their networks and devices.
As the situation unfolds, cybersecurity experts and researchers will continue monitoring the impact of this zero-day vulnerability. Collaborative efforts between security firms, affected organizations, and governments will play a crucial role in mitigating the risks posed by this critical vulnerability.
In conclusion, the disclosure of Cisco’s Web UI zero-day vulnerability has led to over 40,000 infected hosts worldwide, with a considerable number located in the US and the Philippines. The ongoing compromises and increasing numbers underscore the need for immediate action and heightened security measures to protect vulnerable systems from exploitation.