Brief


Summary:

CISA has issued updated guidance addressing vulnerabilities CVE-2023-20198 and CVE-2023-20273 in Cisco's Internetworking Operating System (IOS) XE Software Web User Interface (UI). Cisco has fixed these vulnerabilities in the 17.9.4a release, but fixes are still pending for other release trains. CISA urges organizations to update to the 17.9.4a release and review relevant guidance, including Cisco's Security Advisory and a Cisco Talos blog post. Additionally, CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to remediate them by the specified due date.

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).

The guidance now notes that Cisco has fixed these vulnerabilities for the 17.9 Cisco IOS XE software release train with the 17.9.4a update. According to Cisco’s Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature, fixes are still to be determined for the following Cisco IOS XE software release trains: 17.6, 17.3, 16.12 (Catalyst 3650 and 3850 only). CISA urges organizations with the 17.9 Cisco IOS XE software release train to immediately update to the 17.9.4a release.

CISA urges organizations to review:

1. Cisco's Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
2. The Cisco Talos blog post on this activity

CISA has added CVE-2023-20198 and CVE-2023-20273 to its Known Exploited Vulnerabilities Catalog, which, per Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the specified due date to protect FCEB networks against active threats.

Note: The Cisco Security Advisory initially pointed to another vulnerability as part of this activity. However, as stated in the Cisco Talos blog, Cisco has since determined that the vulnerability “CVE-2021-1435 that had previously been mentioned is no longer assessed to be associated with this activity.”


Summary

The Cisco Security Advisory provides guidance on the updated mitigation steps for two vulnerabilities affecting the Web User Interface (UI) of Cisco’s Internetworking Operating System (IOS) XE Software. The vulnerabilities, CVE-2023-20198 and CVE-2023-20273, have been fixed in the 17.9.4a software release.

The Cybersecurity and Infrastructure Security Agency (CISA) urges organizations running the 17.9 release train to immediately update their Cisco IOS XE Software to the 17.9.4a release to address these vulnerabilities. The advisory also notes that fixes are still pending for other release trains (17.6, 17.3, and 16.12, the last of which applies to the Catalyst 3650 and 3850 only).

CISA’s updated guidance recommends that organizations review Cisco’s Security Advisory (Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature) to ensure the vulnerabilities are properly remediated. The agency also recommends reviewing its Known Exploited Vulnerabilities Catalog, which includes the updated information on the vulnerabilities.

It is worth noting that the Cisco Talos blog has reported active exploitation of these vulnerabilities and recommends that organizations take immediate action to mitigate the risks.

Key Takeaways:

1. Cisco has fixed the vulnerabilities in the latest software release.
2. Organizations are urged to update their Cisco IOS XE Software immediately.
3. Review of Cisco’s Security Advisory on the IOS XE Software Web UI feature is recommended to ensure the vulnerabilities are properly remediated.
4. CISA’s Known Exploited Vulnerabilities Catalog should be reviewed for updated information.
5. Cisco Talos blog reports active exploitation of these vulnerabilities, emphasizing the need for immediate action.

Cybersecurity and Infrastructure Security Agency
