Vulnerability in Cisco IOS XE Software Web UI

A vulnerability has been discovered in the Cisco IOS XE Software Web UI that could allow for privilege escalation. Successful exploitation could allow an unauthenticated remote attacker to create an account on an affected system with privilege level 15 access and then use that account to gain control of the affected system. The Cisco IOS XE Software Web UI is an embedded GUI-based system-management tool that ships with the default image.

Threat Intelligence
Cisco is aware of this vulnerability being exploited in the wild.

Systems Affected
This vulnerability affects Cisco IOS XE Software if the Web UI feature is enabled.
Risk
Government:
– Large and medium government entities: High
– Small government entities: High

Businesses:
– Large and medium business entities: High
– Small business entities: High

Home Users: Low

Technical Summary
According to Cisco, at this time a patch is not available, and there are no workarounds that address this vulnerability. As a defensive measure it is strongly recommended that users disable the HTTP Server feature on all internet-facing systems.
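As an added illustration (not Cisco's tooling and not part of the advisory), the following Python audits a captured `show running-config` excerpt for the two web UI listeners and emits the configuration lines that disable them; the sample configurations and the hostname are constructed for the example.

```python
from typing import Dict, List

# Constructed `show running-config` excerpt modelling the exposed state the advisory
# warns about: the web UI is reachable over both HTTP and HTTPS. (Sample data, not a real device.)
EXPOSED_CONFIG = """\
hostname edge-router
!
ip http server
ip http secure-server
ip http authentication local
!
"""

# The same device after the interim mitigation: both listeners explicitly disabled.
HARDENED_CONFIG = """\
hostname edge-router
!
no ip http server
no ip http secure-server
ip http authentication local
!
"""

# IOS XE commands that enable the web UI listeners; the `no` form disables each one.
LISTENERS = ("ip http server", "ip http secure-server")


def audit_web_ui(running_config: str) -> Dict[str, object]:
    """Report each listener as enabled, disabled, or absent from the config.

    An absent line is reported as such rather than guessed at, because the effective
    default depends on platform and release; confirm it with `show ip http server status`.
    """
    status = {name: "not in config" for name in LISTENERS}
    for raw in running_config.splitlines():
        line = " ".join(raw.split())  # normalise indentation and repeated spaces
        for name in LISTENERS:
            if line == name:
                status[name] = "enabled"
            elif line == f"no {name}":
                status[name] = "disabled"
    exposed = any(state == "enabled" for state in status.values())
    return {"exposed": exposed, "listeners": status}


def mitigation_commands(audit: Dict[str, object]) -> List[str]:
    """Return the `no ip http ...` lines needed for every listener still enabled."""
    listeners = audit["listeners"]  # type: ignore[index]
    return [f"no {name}" for name in LISTENERS if listeners[name] == "enabled"]
```

Run the audit against the output of `show running-config` from each internet-facing device and apply the returned lines in global configuration mode, then re-audit to confirm the change took effect.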
Recommendations
– Once available, apply appropriate patches provided by Cisco to vulnerable systems immediately after appropriate testing.
– Apply the Principle of Least Privilege to all systems and services.
– Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
– Block execution of code on a system through application control and/or script blocking.
– Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

References
Cisco:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20198