현재 자주 악용되고 있는 취약점 목록으로, 취약한 버전의 SW를 사용 중인 경우 긴급 패치를 권고 드립니다.
 * 참조 링크 : https://www.cisa.gov/known-exploited-vulnerabilities-catalog

      
       
        
         
cveID
         
vendorProject
         
vulnerabilityName
         
dateAdded
         
shortDescription
         
requiredAction
         
dueDate
        
        
         
CVE-2023-20273
         
Cisco
         
Cisco IOS XE Web UI Unspecified Vulnerability
         
2023-10-23
         
Cisco IOS XE contains an unspecified vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
         
Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
         
2023-10-27