“On October 16, Cisco warned users of the discovery of a previously unknown zero-day in its Web User Interface (Web UI) feature of Cisco IOS XE software, and confirmed that it had been exploited in the wild. Successful exploitation could allow attackers to create an account with level 15 access, the highest privilege level that gives the user full control over the router.
“With this level of access, an attacker can modify network routing rules as well as open ports for access to attacker-controlled servers for data exfiltration. When the attacker has this level of control and makes an administrative account with an innocuous name, it’s possible their activity could go undetected for quite some time. It is imperative that organisations apply the mitigations from Cisco’s security advisory as soon as possible and apply the patches as soon as they are released in order to successfully remediate this vulnerability.” — Scott Caveza, Staff Research Engineer, Tenable