Cisco has issued a critical vulnerability warning for IOS XE, the operating system used in its network devices. The flaw allows hackers to take full control of the device and has already been exploited.
IOS XE is a variant of Cisco IOS (Cisco's overall operating system). The XE version is built on a Linux kernel and is used in certain models of Catalyst, ASR, and ISR network devices.
The vulnerability is in the Web UI used for device management and carries the maximum risk score of 10/10. There is currently no patch available, and Cisco advises customers to disable the HTTP Server feature or, at a minimum, restrict access to the Web UI to trusted networks only.
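One way to check saved configurations against that advice, as an added example that is not from Cisco or the original article: a small Python auditor that classifies each running-config as disabled, restricted, or exposed. It assumes the standard IOS XE global commands `ip http server`, `ip http secure-server` and `ip http access-class`; the sample configs and the ACL name `MGMT-ONLY` are constructed, and because it reads only explicit lines, platform defaults that do not appear in the config still need checking on the device.

```python
import re

# Constructed running-config fragments for illustration (not from real devices).
SAMPLES = {
    "exposed": "hostname r1\nip http server\nip http secure-server\n",
    "restricted": (
        "hostname r2\nno ip http server\nip http secure-server\n"
        "ip http access-class ipv4 MGMT-ONLY\n"
        "ip access-list standard MGMT-ONLY\n permit 10.10.0.0 0.0.0.255\n"
    ),
    "acl-missing": "hostname r3\nip http secure-server\nip http access-class ipv4 MGMT-ONLY\n",
    "disabled": "hostname r4\nno ip http server\nno ip http secure-server\n",
}

ACL_REF = re.compile(r"^ip http access-class (?:ipv4 |ipv6 )?(\S+)$")
ACL_DEF = re.compile(r"^(?:ip access-list \S+|ipv6 access-list|access-list) (\S+)")


def audit_webui(config: str) -> dict:
    """Classify Web UI exposure from the explicit lines of a running-config."""
    listeners, acl_ref, acl_defs = [], None, set()
    for line in config.splitlines():
        line = line.rstrip()
        # Global commands are unindented; "no ip http server" never matches
        # because the comparison is against the whole line.
        if line == "ip http server":
            listeners.append("http")
        elif line == "ip http secure-server":
            listeners.append("https")
        elif m := ACL_REF.match(line):
            acl_ref = m.group(1)
        elif m := ACL_DEF.match(line):
            acl_defs.add(m.group(1))
    if not listeners:
        status = "disabled"      # the advised mitigation
    elif acl_ref is None:
        status = "exposed"       # Web UI reachable from any network
    elif acl_ref not in acl_defs:
        status = "acl-missing"   # restriction names an ACL this config lacks
    else:
        status = "restricted"    # fallback mitigation: trusted networks only
    return {"status": status, "listeners": listeners, "acl": acl_ref}


if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit_webui(cfg))
```

A result of `exposed` or `acl-missing` marks a device to prioritise for the mitigation; `restricted` still depends on the referenced ACL actually listing only trusted networks.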
Cisco has found attacks using this vulnerability dating back to September 18th, and the frequency of these attacks has been increasing throughout October. After investigating, Cisco determined that this was a newly exploited vulnerability, which prompted it to issue the warning.
TLDR: Cisco warns of a critical vulnerability in its IOS XE operating system that allows full control of network devices. The flaw is related to the Web UI and poses a high risk. Cisco advises immediate action to limit exposure until a patch is available. Attacks utilizing this vulnerability have been increasing since September.