Cisco has reported a new zero-day vulnerability in IOS XE that allows a Lua-based implant of malicious code on susceptible devices. In short, Lua is a high-level programming language, like C++ or Java.

What does this Lua-based backdoor mean?

Identified as CVE-2023-20273 (CVSS score: 7.2), the Lua-related issue is a privilege escalation vulnerability in the web UI feature, and it was used together with CVE-2023-20198 as part of an exploit chain.

“The attacker first exploited CVE-2023-20198 to gain initial access and issued a privilege 15 command to create a local user and password combination,” Cisco said in an updated advisory released Friday. “This allowed the user to log in with a normal user login.”

Cisco further added: “Next, the attacker exploited another component of the web UI feature, taking advantage of the new local user to elevate to root privilege and write the implant into the file system.” The CVE assigned to this “shortcoming” is CVE-2023-20273.

A Cisco spokesperson said that a fix covering both vulnerabilities has been identified and will be made available to customers starting October 22, 2023. In the meantime, it is recommended to disable the HTTP server feature.
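The two defensive checks the article implies, the HTTP server feature being disabled and no unexpected privilege 15 local users having appeared, can be audited offline against a saved running-config. The following is an added example, not Cisco's tooling or code from the original article; the config text and the `svc_backup` account are constructed, and the allow-list of expected administrators is an assumption an operator would fill in.

```python
import re

# Constructed sample running-config excerpt (not taken from any real device).
SAMPLE_CONFIG = """\
hostname edge-router
!
username admin privilege 15 secret 9 $9$PLACEHOLDER
username svc_backup privilege 15 secret 9 $9$PLACEHOLDER
!
ip http server
ip http secure-server
ip http authentication local
!
"""

# Assumption: these are the only privilege-15 accounts the operator created;
# any other privilege-15 username is reported for review.
EXPECTED_ADMINS = {"admin"}

_USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)", re.M)


def http_server_enabled(config: str) -> dict:
    """Report whether the HTTP and HTTPS web UI listeners are configured on."""
    lines = {line.strip() for line in config.splitlines()}
    # "no ip http server" does not match because the set holds whole lines.
    return {
        "http": "ip http server" in lines,
        "https": "ip http secure-server" in lines,
    }


def unexpected_priv15_users(config: str, expected=EXPECTED_ADMINS) -> list:
    """Return privilege-15 local usernames that are not on the allow-list."""
    return sorted(
        name for name, level in _USER_RE.findall(config)
        if level == "15" and name not in expected
    )


def audit(config: str) -> list:
    """Combine both checks into a list of findings; an empty list is clean."""
    findings = []
    for proto, enabled in http_server_enabled(config).items():
        if enabled:
            findings.append(f"web UI listener enabled over {proto}")
    for user in unexpected_priv15_users(config):
        findings.append(f"unexpected privilege-15 local user: {user}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run it against `show running-config` output captured from each device; a clean result is an empty findings list.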

Although Cisco previously stated that a now-patched security vulnerability in the same software had been exploited to install a backdoor, the company has since assessed that that vulnerability is no longer associated with this activity, in light of the discovery of the new zero-day.

“An unauthenticated remote user could exploit these vulnerabilities to take control of an affected system,” the United States Cybersecurity and Infrastructure Security Agency (CISA) said. “Specifically, these vulnerabilities allow the actor to create a privileged account that provides complete control over the device.”

Successful exploitation of the bugs could allow attackers to gain unrestricted remote access to routers and switches, monitor network traffic, inject and redirect network traffic, and use the devices as a persistent foothold in the network, given the lack of security tooling on these devices.

The development comes as it is estimated that more than 41,000 Cisco devices running the vulnerable IOS XE software have been compromised by attackers exploiting the two security vulnerabilities, according to data from Censys and LeakIX.

“On October 19th, the number of compromised Cisco devices dropped to 36,541,” the telecommunications giant's experts said. “The primary targets of this vulnerability are not large companies, but smaller entities and individuals.”

Conclusion

It is important to note that these Cisco IOS XE vulnerabilities represent a serious threat to network security, as they can allow attackers to take complete control of critical network devices, and that these devices are used across a wide range of sectors, including government, business and education, which makes the situation even more worrying.

The fact that over 36,000 Cisco devices were compromised is a clear sign of the wide scope of this problem; it shows that the threat is real and that an immediate response is needed to mitigate the risk.

The only thing that can be done in such situations is to wait for engineers and developers to solve the problem through the beloved (and hated) system updates.