CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Today, CISA updated its guidance addressing two vulnerabilities, CVE-2023-20198 and CVE-2023-20273, affecting Cisco’s Internetworking Operating System (IOS) XE Software Web User Interface (UI).

The guidance now notes that Cisco has fixed these vulnerabilities for the 17.3 Cisco IOS XE software release train with version 17.3.8a. CISA urges organizations to immediately apply necessary updates.

CISA urges organizations to review:

CISA’s updated guidance
Cisco Security Advisory: Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature
Cisco Talos Threat Advisory: Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerabilities

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Please share your thoughts

Widespread IT Outage Due to CrowdStrike Update

Cisco Releases Security Updates for Multiple Products

Oracle Releases Critical Patch Update Advisory for July 2024

CISA Releases Three Industrial Control Systems Advisories

CISA Updates Guidance for Addressing Cisco IOS XE Web UI Vulnerabilities

Please share your thoughts

Related Advisories

Widespread IT Outage Due to CrowdStrike Update

Cisco Releases Security Updates for Multiple Products

Oracle Releases Critical Patch Update Advisory for July 2024

CISA Releases Three Industrial Control Systems Advisories