An official website of the United States government
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Cybersecurity & Infrastructure Security Agency
America’s Cyber Defense Agency
Search
America’s Cyber Defense Agency
Alert
Release Date
Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).
The guidance now notes that Cisco has fixed these vulnerabilities for the 17.3 Cisco IOS XE software release train with version 17.3.8a. CISA urges organizations to immediately apply necessary updates.
CISA urges organizations to review:
- CISA’s updated guidance
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
- Cisco Talos Threat Advisory: Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities
This product is provided subject to this Notification and this Privacy & Use policy.
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.
Related Advisories
Alert
CISA Releases Three Industrial Control Systems Advisories
Alert
CISA Adds Two Known Exploited Vulnerabilities to Catalog
Alert
VMware Releases Advisory for VMware Tools Vulnerabilities
Alert
CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities With Additional Releases
