New Cisco IOS Zero-Day Delivers a Double Punch

A vulnerability affecting Cisco operating systems could enable attackers to take full control of affected devices, execute arbitrary code, and cause reloads that trigger denial of service (DoS) conditions. And at least one attempt at exploitation has already occurred in the wild.

On Sept. 27, Cisco released its latest semi-annual Security Advisory Bundled Publication. The publication detailed eight vulnerabilities affecting its IOS and IOS XE operating systems, among them CVE-2023-20109, an out-of-bounds write issue which earned a 6.6 “Medium” severity score. According to Cisco’s security advisory, CVE-2023-20109 has already been the object of at least one attempted exploitation in the wild.

In a statement to Dark Reading, a Cisco spokesperson acknowledged the vulnerabilities. “Cisco has released software updates to address these vulnerabilities. Please refer to the specific security advisory for additional detail,” the spokesperson wrote.

To Tim Silverline, vice president of security at Gluware, this vulnerability shouldn’t be ignored, but it’s also no reason to panic.

“Organizations should implement the mitigation strategies proposed by Cisco, but the danger here is not substantial. If the bad actor has full access to the target environment, then you are already compromised and this is just one way in which they could exploit those permissions to move laterally and escalate privileges,” he says.

Share this article

About Gluware

Gluware is the leader in intelligent network automation, helping organizations improve security, simplify complexity, eliminate toil, and accelerate innovation across digital infrastructure. Trusted by the Global 2000, Gluware’s intent-based, multi-vendor automation platform handles millions of network changes in minutes—flawlessly. Whether used out of the box or as a builder platform, Gluware delivers a 95% reduction in network outages, 100% network security policy compliance, a 300x speed increase for OS upgrades, and self-operating network capabilities in just three months.

Gluware Media Contact
ICR for Gluware
Gluware@icrinc.com

Dark Reading
Want to stay up to date on network automation?

Simply fill out the below information to

Receive the Gluware Newsletter

"*" indicates required fields

Name*
This field is for validation purposes and should be left unchanged.