In a concerning development, cybercriminals have seized upon an unpatched zero-day vulnerability in Cisco’s networking software, compromising an alarming number of devices. The breach has resulted in unauthorized access and potential unauthorized activity on tens of thousands of affected devices.
Censys Observes Sharp Increase in Compromised Devices
Censys, a specialized search engine for Internet-connected devices and assets, has identified a significant spike in the number of compromised Cisco devices, totaling nearly 42,000. This sharp increase has raised red flags across the cybersecurity landscape.
Cisco Acknowledges Vulnerability in Web User Interface (Web UI)
Cisco, a prominent networking solutions provider, has publicly acknowledged the existence of an active exploitation of a previously unknown vulnerability. This vulnerability is located in the Web User Interface (Web UI) feature within one of its software products, which is susceptible when exposed to the Internet or untrusted networks.
According to Cisco’s security update, the vulnerability impacts both physical and virtual devices running Cisco IOS XE software with the HTTP or HTTPS Server feature enabled. Successful exploitation of this vulnerability empowers an attacker to create an account on the compromised device with “privilege level 15” access. This access grants the attacker full control over the compromised device and the potential for subsequent unauthorized activities.
Devices running Cisco IOS XE software are diverse and include enterprise switches, wireless controllers, access points, and industrial routers.
Cisco’s Recommended Mitigation: Disable HTTP Server Feature
Cisco has responded by recommending that companies disable the HTTP server feature on internet-facing systems to mitigate the risk of exploitation.
Geographic Distribution of Compromised Devices
In their analysis, Censys revealed that the majority of compromised devices are located in the United States, followed by the Philippines and Mexico. Intriguingly, security researchers noted that smaller entities and individuals appear to be the primary targets of this vulnerability, as they are perceived as more susceptible to such attacks.
Critical Vulnerability Receives Highest CVSS Score
This newly discovered vulnerability has received the highest possible Common Vulnerability Scoring System (CVSS) score of 10, indicating its critical nature. Successful exploitation of this vulnerability could provide attackers with full administrator privileges, enabling them to take complete control of the affected routers and potentially carry out unauthorized activities.
Call to Action for Organizations
Organizations are urged to remain vigilant and be on the lookout for unexplained or newly created users on their devices, as this could serve as evidence of potentially malicious activity related to this threat.
The cybersecurity community and affected organizations are actively working to address and remediate this vulnerability, emphasizing the critical importance of promptly applying recommended security measures.
This ongoing situation highlights the constant need for vigilance and swift responses to emerging cybersecurity threats, as cybercriminals continue to exploit vulnerabilities in critical infrastructure and connected devices.