Known Exploited Vulnerabilities CVE-2023-20273 Mappings

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Mappings

Capability ID: CVE-2023-20273
Capability Description: Cisco IOS XE Web UI Command Injection Vulnerability
Mapping Type: secondary_impact
ATT&CK ID: T1059
ATT&CK Name: Command and Scripting Interpreter
Comments: This vulnerability is exploited through improper privilege escalation in the Web User Interface feature of Cisco IOS XE software. Attackers first used this vulnerability to elevate privileges from a normal user to root by leveraging a newly created local user account. This allowed them to write malicious implants to the file system that enable them to execute arbitrary commands. This CVE was exploited after the adversary exploited CVE-2023-20198.

Capability ID: CVE-2023-20273
Capability Description: Cisco IOS XE Web UI Command Injection Vulnerability
Mapping Type: primary_impact
ATT&CK ID: T1068
ATT&CK Name: Exploitation for Privilege Escalation
Comments: This vulnerability is exploited through improper privilege escalation in the Web User Interface feature of Cisco IOS XE software. Attackers first used this vulnerability to elevate privileges from a normal user to root by leveraging a newly created local user account. This allowed them to write malicious implants to the file system that enable them to execute arbitrary commands. This CVE was exploited after the adversary exploited CVE-2023-20198.

Capability ID: CVE-2023-20273
Capability Description: Cisco IOS XE Web UI Command Injection Vulnerability
Mapping Type: exploitation_technique
ATT&CK ID: T1078
ATT&CK Name: Valid Accounts
Comments: This vulnerability is exploited through improper privilege escalation in the Web User Interface feature of Cisco IOS XE software. Attackers first used this vulnerability to elevate privileges from a normal user to root by leveraging a newly created local user account. This allowed them to write an implant to the file system, further compromising the device. This CVE was exploited after the adversary exploited CVE-2023-20198.