Cisco has warned of a new zero-day flaw in IOS XE that has been actively exploited by an unknown threat actor to deploy a malicious Lua-based implant on susceptible devices.
Tracked as CVE-2023-20273 (CVSS score: 7.2), the issue relates to a privilege escalation flaw in the web UI feature and is said to have been used alongside CVE-2023-20198 (CVSS score: 10.0) as part of an exploit chain.
“The
Related Post
- March 1, 2025
Mozilla Updates Firefox Terms Again After Backlash Over
Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism overbroad
- February 28, 2025
Friday Squid Blogging: Eating Bioluminescent Squid
Firefly squid is now a delicacy in New York. Blog moderation policy.
- February 28, 2025
Notorious Malware, Spam Host “Prospero” Moves to Kaspersky
One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks
- February 28, 2025
Amnesty Finds Cellebrite’s Zero-Day Used to Unlock Serbian
A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the