CVE-2023-20198漏洞已讓數千臺思科裝置淪陷
· 2023-10-19
針對思科本周揭露的IOS XE重大漏洞CVE-2023-20198,安全漏洞情報業者VulnCheck進一步揭露災情,指出已有數千臺安裝Cisco IOS XE的裝置遭駭
思科在本周一(10/16)揭露了一個CVSS漏洞風險評分高達10的Cisco IOS XE漏洞CVE-2023-20198,並表示早在9月28日發現相關的可疑活動,確定已遭駭客利用,不過,安全漏洞情報業者VulnCheck隨後指出,思科沒說的是,已經有數千臺安裝Cisco IOS XE的裝置淪陷。
CVE-2023-20198是個存在於Cisco IOS XE作業系統上的Web UI權限擴張漏洞,該漏洞允許未經授權的遠端駭客於受影響的系統上,建立一個具備Level 15最高權限的新帳戶,再利用該帳戶取得受駭系統的控制權。不管是思科的交換器、無線網路控制器、無線基地臺或路由器都是採用Cisco IOS XE。
在思科所觀察到的攻擊行動中,駭客在被駭系統上建立新帳戶之後,會植入一個可用來變更配置的惡意檔案,於是思科提供了一個簡單的方式,只要傳送一個特定的HTTP POST至Cisco IOS XE系統上,就能根據系統是否回傳一個18個字元的16進位字串,來判斷系統是否已經遭到感染。
VulnCheck即利用此一方法來掃描公開網路上的Cisco IOS XE網頁介面,並發現已有數千個系統被植入了惡意檔案,意味著取得這些系統最高權限的駭客,可監控流量、進入受保護的網路,並執行各種中間人攻擊。VulnCheck也釋出了該掃描工具供外界取用。
由於思科尚未修補CVE-2023-20198,因此建議用戶可暫時關閉HTTP Server功能,或是於HTTP Server 中設定存取白名單。
熱門文章
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
GGC Awards 2026 Shines in Colombo: Honoring Leaders and Innovators in the iGaming Industry
HUIDU Focus
Indiana online casino bill stalls in House committee
Regulation
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
British gambling levy rates confirmed for each vertical
Regulation
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
