ASSURANT

™

CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

October 20, 2023

CISA Releases Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities
All CISA Advisories, CISA, October 20, 2023

Today, CISA, in response to active, widespread exploitation, released guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI). An unauthenticated remote actor could exploit these vulnerabilities to take control of an affected system. Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.

CISA urges organizations running Cisco IOS XE Web UI to review CISA’s guidance and immediately implement the mitigations outlined in:

These mitigations include disabling the HTTP Server feature on internet-facing systems, and hunt for malicious activity on their network.

Comprehensive Cyber Security is Complex

1,000+ ASSURANT™ Users

10,000+ Systems/sub-systems analyzed

40,000+ Manhours saved

Schedule a Call

How to Get Started

1. Schedule a Call

Speak with an ASSURANT™ team member.

2. Get Organized

Assess the scope of your
cyber issues and start modeling and
analyzing your systems
immediately.

3. Review a Demo

Receive assessments and reports to plan risk reduction.

Schedule a Call

What Our Clients Say

“This system allowed me to identify missing components when the model validation engine ran. These were components which had infrequent changes and therefore were not commonly documented. The ASSURANT™ model told us that there were some elements missing. When we compared our sources against the model result, we discovered existing legacy components which had previously lacked documentation. The addition of these components to the model has given us confidence in the model’s completeness and improved our cyber readiness.”

Picture of a man silhouetted against a setting sun

Cyber Model Engineer

“Without the ASSURANT™ attack path analysis visual capability, it’s difficult to explain the complexities of a cyber battlespace to non-experts, and us good guys in the fight are often only learning from our mistakes in the wake of a cyber-attack. The different ways to visualize attack paths allows time to get ahead of the tactics and techniques of cyber actors by allowing us to simulate “black hat” scenarios for when a network artifact becomes compromised.”

Attack Path Analyst

Latest News Posts

Honoring our Unsung Heroes – Celebrating Public Service Recognition Week

Honoring our Unsung Heroes – Celebrating Public Service Recognition Week [...]

DHS, CISA Announce Membership Changes to the Cyber Safety Review Board

DHS, CISA Announce Membership Changes to the Cyber Safety Review [...]

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

CISA and FBI Release Secure by Design Alert to Urge [...]

12 Next

Latest Blog Posts

Advantages of Continuous Vulnerability Monitoring for Complex SCADA Systems using a Modeling System
Gallery
Advantages of Continuous Vulnerability Monitoring for Complex SCADA Systems using a Modeling System

Blog Posts, Cyber Defense, Cyber Survivability

Advantages of Continuous Vulnerability Monitoring for Complex SCADA Systems using a Modeling System

"Empower SCADA security with continuous vulnerability monitoring through cutting-edge modeling" [...]

Use Case: Simulating Penetration Testing Using a Modeling Framework
Gallery
Use Case: Simulating Penetration Testing Using a Modeling Framework

Blog Posts, Cyber Defense, Cyber Survivability

Use Case: Simulating Penetration Testing Using a Modeling Framework

“Unleash the power of modeling and simulation for smarter, more [...]

The Power of Simulation and Penetration Testing to Fortify Cyber Infrastructure
Gallery
The Power of Simulation and Penetration Testing to Fortify Cyber Infrastructure

Blog Posts, Cyber Defense, Cyber Survivability

The Power of Simulation and Penetration Testing to Fortify Cyber Infrastructure

“Unleash the power of modeling and simulation for smarter, more [...]

12 Next

Contact Us

1408 University Dr
College Station, TX 77840
(979) 260-1980
sales@kbsi.com

Resources

Identify and Prioritize Your Business Cyber Risks with ASSURANT™

Schedule a Call

Visit us at our parent website – KBSI.com

This material is based upon work supported by the United States Air Force under Contract No. FA8650-23-D-1061. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Air Force.