How severe is CVE-2023-20198?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 10 out of 10.

What type of vulnerability is CVE-2023-20198?

This is classified as CWE-420, which is a common weakness in software security.

CVE-2023-20198 - CRITICAL Severity | CVSS 10

Vulnerability Description

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. Our investigation has determined that the actors exploited two previously unknown issues. The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination. This allowed the user to log in with normal user access. The attacker then exploited another component of the web UI feature, leveraging the new local user to elevate privilege to root and write the implant to the file system. Cisco has assigned CVE-2023-20273 to this issue. CVE-2023-20198 has been assigned a CVSS Score of 10.0. CVE-2023-20273 has been assigned a CVSS Score of 7.2. Both of these CVEs are being tracked by CSCwh87343.

Related Vulnerabilities

CVE-2023-31241

CRITICAL

CVSS:10.0(Critical)

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

CWE-4202023

CVE-2020-8558

HIGH

CVSS:8.8(High)

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound...

CWE-4202020

CVE-2023-4570

HIGH

CVSS:8.8(High)

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be...

CWE-4202023

CVE-2023-28840

HIGH

CVSS:8.7(High)

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component...

CWE-4202023

CVE-2023-52718

HIGH

CVSS:8.1(High)

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This v...

CWE-4202023

CVE-2023-7266

HIGH

CVSS:8.1(High)

Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulner...

CWE-4202023