The Cisco Quandary: Unveiling the Second Zero-Day Vulnerability and the Impending Patch

Estimated read time 3 min read

Introduction: A Tale of Two Zero-Days

As the clock ticks away, network administrators relying on Cisco hardware are on tenterhooks. The ongoing wave of cyberattacks targeting this ubiquitous network infrastructure has unveiled a critical twist. Contrary to earlier beliefs that attackers were exploiting a dated vulnerability from 2021, it turns out that not one, but two zero-day vulnerabilities are at play. Despite a prior estimation, Cisco has yet to release emergency patches for both zero-day flaws. So, what’s the full story behind this evolving cyber threat landscape? Let’s delve into the nitty-gritty.

The Initial Discovery: CVE-2023-20198

Last week’s cybersecurity chatter was dominated by the discovery of a zero-day vulnerability, designated as CVE-2023-20198. This was initially thought to be the golden ticket for attackers, granting them deep system-level permissions. Upon its discovery, Cisco’s security arm, Talos, was swift to commence an in-depth investigation, given the tens of thousands of compromised Cisco systems worldwide. Yet, as they say, the plot thickens.

CVE-2023-20273: The Second Zero-Day Unearthed

While probing into CVE-2023-20198, Cisco stumbled upon another zero-day, CVE-2023-20273. This second vulnerability altered the entire threat calculus. Initially, the first zero-day was thought to bestow extensive system-level rights. However, Cisco has now clarified that it merely allows the attacker to create a new user account with a corresponding password. While this does grant some elevated privileges (up to level 15), it’s not the complete control initially thought.

The Two-Step Exploit Strategy

The second zero-day, lurking in the web user interface of Cisco’s IOS XE system software, enables attackers to escalate their privileges from this newly created user account to root access. This ‘upgrade’ is the linchpin that allows the implantation of malware, fully compromising the network hardware. Cisco has updated its blog over the weekend with this new insight, shedding light on the attackers’ modus operandi.

The Red Herring: CVE-2021-1435

Before this revelation, speculation was rife that the attacks were leveraging an older vulnerability from 2021, known as CVE-2021-1435. This vulnerability had received a patch, but doubts were raised regarding its effectiveness. However, Cisco’s Talos researchers have definitively stated that this 2021 vulnerability is not involved in the current wave of attacks.

The Waiting Game: Where Are the Patches?

Cisco had initially announced that patches for both zero-day vulnerabilities would be available by Sunday, October 22. Yet, as of Monday morning, October 23, there’s still no sign of these crucial updates in Cisco’s Security Advisories. Network administrators are left to wonder: how long will it take to plug these gaping security holes?

Conclusion: The Importance of Vigilance and Preparedness

This unfolding scenario is a stark reminder that the cybersecurity landscape is ever-changing and fraught with complexities. Network administrators must be on their toes, especially those relying on Cisco hardware. As the community eagerly awaits the patches, it’s a critical time to reevaluate and bolster existing security measures.

Reza Rafati

Reza Rafati, based in the Netherlands, is the founder of An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.

You May Also Like

More From Author

+ There are no comments

Add yours