Cisco has discovered a critical zero-day vulnerability, CVE-2023-20198, allowing threat actors to gain full control of affected devices by creating an authorized account.
This flaw affects devices running Cisco IOS XE software with the HTTP/HTTPS server feature exposed to the internet, potentially impacting up to 80,000 devices.
An unknown attacker has been exploiting this since at least September 18, leading to concerns about malicious commands executed on affected systems.
For more, click here.
