Gluware is a Bain Capital Portfolio Company
Search
Close this search box.

New Cisco IOS Zero-Day Delivers a Double Punch

A vulnerability affecting Cisco operating systems could enable attackers to take full control of affected devices, execute arbitrary code, and cause reloads that trigger denial of service (DoS) conditions. And at least one attempt at exploitation has already occurred in the wild.

On Sept. 27, Cisco released its latest semi-annual Security Advisory Bundled Publication. The publication detailed eight vulnerabilities affecting its IOS and IOS XE operating systems, among them CVE-2023-20109, an out-of-bounds write issue which earned a 6.6 “Medium” severity score. According to Cisco’s security advisory, CVE-2023-20109 has already been the object of at least one attempted exploitation in the wild.

In a statement to Dark Reading, a Cisco spokesperson acknowledged the vulnerabilities. “Cisco has released software updates to address these vulnerabilities. Please refer to the specific security advisory for additional detail,” the spokesperson wrote.

To Tim Silverline, vice president of security at Gluware, this vulnerability shouldn’t be ignored, but it’s also no reason to panic.

“Organizations should implement the mitigation strategies proposed by Cisco, but the danger here is not substantial. If the bad actor has full access to the target environment, then you are already compromised and this is just one way in which they could exploit those permissions to move laterally and escalate privileges,” he says.

Share this article

About Gluware

Gluware provides the leading intelligent network automation suite for Global 2000 enterprises, trusted across industries from finance to pharma. Gluware automates the networks of the world’s largest and most complex enterprises, keeping them secure and in compliance. The company’s code-free, multi-vendor solutions and intent-based approach to network automation reduce the business risk of outages while lowering costs and increasing efficiency. For more information, please visit www.gluware.com.

Media Contact

Clayton Murtle
Lumina Communications for Gluware
gluware@luminapr.com

Dark Reading

CONTACT US

Gluware, Inc.
2020 L Street
Suite 130
Sacramento, CA 95811

1-916-877-8224
sales@gluware.com

For general inquiries info@gluware.com

SUPPORT

support.gluware.com
support@gluware.com

US: 1-855-458-3822
UK: 0808-134-9906
Netherlands: 0-800-023-2194
Australia: 1-800-987-824
NZ + 0800-005-106

Support Portal

HELPFUL LINKS

Want to stay up to date on network automation?

Simply fill out the below information to

Receive the Gluware Newsletter

"*" indicates required fields

Name*
This field is for validation purposes and should be left unchanged.