https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4942916#M5037 <P>check below effected devices :</P> <P><A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z" target="_blank">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z</A></P> Wed, 18 Oct 2023 11:32:10 GMT balaji.bandi 2023-10-18T11:32:10Z https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4942909#M5036 <P>Hi Team,</P><P>Can you please check for this&nbsp;<SPAN><SPAN class=""><STRONG>Cisco IOS XE software (CVE-2023-20198 is a privilege escalation vulnerability affecting Cisco IOS XE software),</STRONG> receiving the highest possible CVSS score of 10?&nbsp;</SPAN></SPAN></P><P><SPAN><SPAN class="">Is this affecting our Cisco devices or not?</SPAN></SPAN></P><P><SPAN><SPAN class="">If yes, please share the process to remediate this&nbsp;vulnerability.</SPAN></SPAN></P> Wed, 18 Oct 2023 11:21:39 GMT https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4942909#M5036 yashasvi kesamreddy 2023-10-18T11:21:39Z https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4942916#M5037 <P>check below effected devices :</P> <P><A href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z" target="_blank">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z</A></P> Wed, 18 Oct 2023 11:32:10 GMT https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4942916#M5037 balaji.bandi 2023-10-18T11:32:10Z https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4942918#M5038 <P>We are not sure about this.</P><P>Can you please elaborate more on this information.</P> Wed, 18 Oct 2023 11:37:21 GMT https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4942918#M5038 yashasvi kesamreddy 2023-10-18T11:37:21Z https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4943302#M5040 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1616263">@yashasvi kesamreddy</a>,</P> <P>as the security advisory states all devices running IOS-XE (e.g. switches, routers, access points, etc.) are affected, if the HTTP/HTTPS web server is enabled.</P> <P>Here is a list of devices which use IOS-XE:</P> <P><A href="https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html#~products" target="_blank">Cisco IOS XE - Cisco</A></P> <P>In order to be vulnerable, the following commands (or either one of them) must be present in the configuration:</P> <P>ip http server</P> <P>ip http secure-server</P> <P>&nbsp;</P> <P>As the security advisory implies the vulnerability can be mitigated by disabling this feature (no ip http server / no ip http secure-server), if it is not required. If it is required, then you should block the web access to the vulnerable devices from untrusted networks.</P> <P>Best regards</P> <P>Igor</P> Wed, 18 Oct 2023 22:02:27 GMT https://community.cisco.com/t5/webex-administration/cisco-ios-xe-software-vulnerability/m-p/4943302#M5040 Igor Lukic 2023-10-18T22:02:27Z