{"id":1781,"date":"2023-12-01T04:51:34","date_gmt":"2023-12-01T04:51:34","guid":{"rendered":"https:\/\/certera.com\/kb\/?p=1781"},"modified":"2024-10-07T08:01:29","modified_gmt":"2024-10-07T08:01:29","slug":"how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe","status":"publish","type":"post","link":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/","title":{"rendered":"How to Protect or Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Cisco discovered a zero-day vulnerability on 16 October 2023. During vulnerability analysis, it was discovered that the web UI of Cisco IOS XE is being exploited. All the potential public-facing network devices are on the verge of being accessed by attackers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>But, to safeguard the businesses, Cisco released some mitigation mechanisms and patches for some OS versions<\/strong>. Here, you will learn the details of the vulnerability and the approaches to prevent unauthorized access.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/certera.com\/ssl\/certera\/certera-ssl\"><img decoding=\"async\" width=\"960\" height=\"150\" sizes=\"(max-width: 960px) 100vw, 960px\" src=\"https:\/\/certera.com\/kb\/wp-content\/uploads\/2024\/05\/buy-cheap-ssl-certs-cta-jpg.webp\" alt=\"Buy Cheap SSL Certificates\" class=\"wp-image-2030\" srcset=\"https:\/\/certera.com\/kb\/wp-content\/uploads\/2024\/05\/buy-cheap-ssl-certs-cta-jpg.webp 960w, https:\/\/certera.com\/kb\/wp-content\/uploads\/2024\/05\/buy-cheap-ssl-certs-cta-300x47.webp 300w, https:\/\/certera.com\/kb\/wp-content\/uploads\/2024\/05\/buy-cheap-ssl-certs-cta-768x120.webp 768w\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">What is CVE-2023-20198 Vulnerability?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The CVE-2023-20198 vulnerability is associated with the Cisco Internetwork Operating System (IOS), used by Cisco-manufactured products, such as switches, routers, wireless controllers, and access points. All these devices use the Cisco IOS, which discovered this zero-day vulnerability on 16 October 2023.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The Cisco IOS provides a web-based interface for network administrators and engineers to configure and deploy the devices in the network. However, due to the CVE-2023-20198 vulnerability, attackers could gain unauthorized access, create an account, and escalate all high-level admin controls.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">During the investigation, it was concluded that devices facing the public network or devices deployed in a public network are at risk. Until the patch, the organizations must follow the mitigation mechanisms discussed further in this blog.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>In addition, below are the highlights of this privilege escalation vulnerability:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>It allows the attackers to gain unauthorized access over public-facing Cisco IOS XE network devices.<\/li>\n\n\n\n<li>The attackers can create admin accounts once the access is maintained.<\/li>\n\n\n\n<li>The logs can be modified and even deleted by the hackers.<\/li>\n\n\n\n<li>The unauthorized user can remove other users.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, once the attacker exploits the CVE-2023-20198 vulnerability, they can also exploit the CVE-2021-1435 vulnerability (Arbitrary Code Execution). One exploit leads to another, enabling illegitimate actors to access the complete network or corrupt the entire system.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Furthermore, with the exploitation of CVE-2021-1435, adversaries are also capable of:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Installing backdoors to the network devices, leading them to intercept and modify data in transit.<\/li>\n\n\n\n<li>Run code written in Lua programming language at the admin level.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">How Cisco Reacted To Zero-Day Vulnerability?<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Cisco followed the steps below after being alerted about the CVE-2023-20198.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 1: Analyze the vulnerability and assign<\/strong> a CVSS score of 10 to it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 2:<\/strong> Issue a public notice regarding the vulnerability and start working to patch it.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 3:<\/strong> Releases fixtures for some Cisco IOS XE versions, including 17.9, 17.6, 17.3, and 16.12. The 16.12 version patch is only for Catalyst switch series 3650 and 3850.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Further, Cisco is constantly working on creating a reliable patch for all the affected devices and versions of the Cisco IOS XE. You can check the fix for your device in <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/ios-nx-os-software\/ios-xe-dublin-17121\/221128-software-fix-availability-for-cisco-ios.html\">the list published by Cisco<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The Ways To Protect Yourself From Web UI Privilege Escalation<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Besides the fix released by Cisco, you should also execute the following mitigation mechanisms to lower the impact of CVE-2023-20198.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Mitigation #1: Disable HTTP\/S on public-facing devices<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Disabling the HTTP and HTTPS server functionality is the primary solution to safeguard the devices from exploiting their web UI. You only need to disable it until Cisco releases a relevant update.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>You can use the following steps to disable HTTP and HTTPS.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 1: <\/strong>Check the running configuration to <strong>verify whether the HTTP service is running<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>show running-config | include ip http server | secure |active &nbsp;<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 2:<\/strong> Check for the following response<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ip http server<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>ip http secure-server<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Step 3:<\/strong> If you find the responses mentioned in step 2, execute the following commands.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>no ip http server<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>no ip http secure-server<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>copy running-configuration startup-configuration<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">Mitigation #2: Disable the HTTP\/S Server Access<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">You need to use this mitigation mechanism if you are unable to disable the HTTP\/S on the Cisco devices. Here, you should restrict access to public-facing devices running on Cisco IOS XE. From the network device controller, you can restrict their services and prevent attackers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Mitigation #3: Scan the Network for Backdoors and Implants<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">As you know, attackers create backdoors after gaining access to the devices. Also, they exploit the CVE-2021-1435 to execute arbitrary code. To prevent all this from happening on your network devices, scan them for detecting implants.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>You can use the following command:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -k -X POST \"https&#91;:]\/\/Cisco_Device_IP\/webui\/logoutconfirm.html?logon_hash=1\"<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">If you receive a hash in return, then a backdoor\/implant is present. You should find and remove it from the startup-config and all other memory units.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Mitigation #4: Check Devices for Unknown Accounts and act accordingly<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Once an attacker accesses the Cisco IOS XE device, they first create an account with admin-level controls. You should check the total accounts on the device and cross-verify them with documentation. If you find any unknown account, validate it and delete it instantly.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Some of the usernames used by attackers are discovered, which include \u201c<strong>cisco_tac_admin<\/strong>\u201d and \u201c<strong>cisco_support<\/strong>.&#8221;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In addition, you can also check the logs starting with \u201c<strong>%SYS-5-CONFIG_P<\/strong>\u201d. These logs are created when someone creates a new account on the web UI.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">So, these are the mitigations that you should consider to be safe from exploitation. Additionally, when you patch the vulnerability, utilize a <a href=\"https:\/\/certera.com\/buy-ssl-certificates\">top-notch SSL certificate<\/a> for your HTTP\/S server. It will help retain the data integrity, availability, and confidentiality.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Concluding Up<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The Cisco IOS XE vulnerability leverages illegitimate actors to access the public-facing network devices and utilize its web UI with admin controls. Currently, only a few versions of the operating system have received a patch. <\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And until Cisco releases a final patch for all the versions and devices, you should follow the mitigation mechanism mentioned above. It will help you safeguard your devices and network from arbitrary code execution and unauthorized access.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cisco discovered a zero-day vulnerability on 16 October 2023. During vulnerability analysis, it was discovered that the web UI of Cisco IOS XE is being exploited. All the potential public-facing network devices are on the verge of being accessed by attackers. But, to safeguard the businesses, Cisco released some mitigation mechanisms and patches for some<span class=\"morelink d-block mt-3\"><a href=\"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/\">Read More<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":1783,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17,6],"tags":[290,289,288],"class_list":["post-1781","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-errors","category-security","tag-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe","tag-what-is-cve-2023-20198-vulnerability","tag-zero-day-vulnerability","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?<\/title>\n<meta name=\"description\" content=\"A zero-day vulnerability was discovered by Cisco on 16 October 2023. Follow the ways to Protect Yourself From Web UI Privilege Escalation (CVE-2023-20198).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?\" \/>\n<meta property=\"og:description\" content=\"A zero-day vulnerability was discovered by Cisco on 16 October 2023. Follow the ways to Protect Yourself From Web UI Privilege Escalation (CVE-2023-20198).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/\" \/>\n<meta property=\"og:site_name\" content=\"Knowledge Base - Certera.com\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/certeraLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-01T04:51:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-10-07T08:01:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"960\" \/>\n\t<meta property=\"og:image:height\" content=\"620\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"certerakbdbuser\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:site\" content=\"@certera_llc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"certerakbdbuser\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/\"},\"author\":{\"name\":\"certerakbdbuser\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#\\\/schema\\\/person\\\/c25e1519e333a817f30c805384cba014\"},\"headline\":\"How to Protect or Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?\",\"datePublished\":\"2023-12-01T04:51:34+00:00\",\"dateModified\":\"2024-10-07T08:01:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/\"},\"wordCount\":894,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/kb\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp\",\"keywords\":[\"Fix CVE-2023-20198 Vulnerability in Cisco IOS XE\",\"what is CVE-2023-20198 Vulnerability\",\"Zero-Day Vulnerability\"],\"articleSection\":[\"Fix SSL Errors\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/\",\"name\":\"How to Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/certera.com\\\/kb\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp\",\"datePublished\":\"2023-12-01T04:51:34+00:00\",\"dateModified\":\"2024-10-07T08:01:29+00:00\",\"description\":\"A zero-day vulnerability was discovered by Cisco on 16 October 2023. Follow the ways to Protect Yourself From Web UI Privilege Escalation (CVE-2023-20198).\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#primaryimage\",\"url\":\"https:\\\/\\\/certera.com\\\/kb\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/kb\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp\",\"width\":960,\"height\":620,\"caption\":\"Fix CVE-2023-20198 Vulnerability in Cisco IOS XE\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/certera.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Protect or Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/certera.com\\\/kb\\\/\",\"name\":\"Knowledge Base - Certera.com\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#organization\"},\"alternateName\":\"Certera Knowledgebase\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/certera.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#organization\",\"name\":\"Certera\",\"url\":\"https:\\\/\\\/certera.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/certera.com\\\/kb\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/brand-certera.svg\",\"contentUrl\":\"https:\\\/\\\/certera.com\\\/kb\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/brand-certera.svg\",\"caption\":\"Certera\"},\"image\":{\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/certeraLLC\\\/\",\"https:\\\/\\\/x.com\\\/certera_llc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/certera-llc\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/certera.com\\\/kb\\\/#\\\/schema\\\/person\\\/c25e1519e333a817f30c805384cba014\",\"name\":\"certerakbdbuser\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=mm&r=g\",\"caption\":\"certerakbdbuser\"},\"sameAs\":[\"https:\\\/\\\/certerakb.ssltoolsonline.com\"],\"url\":\"https:\\\/\\\/certera.com\\\/kb\\\/author\\\/certerakbdbuser\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?","description":"A zero-day vulnerability was discovered by Cisco on 16 October 2023. Follow the ways to Protect Yourself From Web UI Privilege Escalation (CVE-2023-20198).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/","og_locale":"en_US","og_type":"article","og_title":"How to Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?","og_description":"A zero-day vulnerability was discovered by Cisco on 16 October 2023. Follow the ways to Protect Yourself From Web UI Privilege Escalation (CVE-2023-20198).","og_url":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/","og_site_name":"Knowledge Base - Certera.com","article_publisher":"https:\/\/www.facebook.com\/certeraLLC\/","article_published_time":"2023-12-01T04:51:34+00:00","article_modified_time":"2024-10-07T08:01:29+00:00","og_image":[{"width":960,"height":620,"url":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp","type":"image\/jpeg"}],"author":"certerakbdbuser","twitter_card":"summary_large_image","twitter_image":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp","twitter_creator":"@certera_llc","twitter_site":"@certera_llc","twitter_misc":{"Written by":"certerakbdbuser","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#article","isPartOf":{"@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/"},"author":{"name":"certerakbdbuser","@id":"https:\/\/certera.com\/kb\/#\/schema\/person\/c25e1519e333a817f30c805384cba014"},"headline":"How to Protect or Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?","datePublished":"2023-12-01T04:51:34+00:00","dateModified":"2024-10-07T08:01:29+00:00","mainEntityOfPage":{"@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/"},"wordCount":894,"commentCount":0,"publisher":{"@id":"https:\/\/certera.com\/kb\/#organization"},"image":{"@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp","keywords":["Fix CVE-2023-20198 Vulnerability in Cisco IOS XE","what is CVE-2023-20198 Vulnerability","Zero-Day Vulnerability"],"articleSection":["Fix SSL Errors","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/","url":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/","name":"How to Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?","isPartOf":{"@id":"https:\/\/certera.com\/kb\/#website"},"primaryImageOfPage":{"@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#primaryimage"},"image":{"@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#primaryimage"},"thumbnailUrl":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp","datePublished":"2023-12-01T04:51:34+00:00","dateModified":"2024-10-07T08:01:29+00:00","description":"A zero-day vulnerability was discovered by Cisco on 16 October 2023. Follow the ways to Protect Yourself From Web UI Privilege Escalation (CVE-2023-20198).","breadcrumb":{"@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#primaryimage","url":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp","contentUrl":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/11\/how-to-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe-jpg.webp","width":960,"height":620,"caption":"Fix CVE-2023-20198 Vulnerability in Cisco IOS XE"},{"@type":"BreadcrumbList","@id":"https:\/\/certera.com\/kb\/how-to-protect-or-fix-cve-2023-20198-vulnerability-in-cisco-ios-xe\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/certera.com\/kb\/"},{"@type":"ListItem","position":2,"name":"How to Protect or Fix CVE-2023-20198 Vulnerability in Cisco IOS XE?"}]},{"@type":"WebSite","@id":"https:\/\/certera.com\/kb\/#website","url":"https:\/\/certera.com\/kb\/","name":"Knowledge Base - Certera.com","description":"","publisher":{"@id":"https:\/\/certera.com\/kb\/#organization"},"alternateName":"Certera Knowledgebase","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/certera.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/certera.com\/kb\/#organization","name":"Certera","url":"https:\/\/certera.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/certera.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/01\/brand-certera.svg","contentUrl":"https:\/\/certera.com\/kb\/wp-content\/uploads\/2023\/01\/brand-certera.svg","caption":"Certera"},"image":{"@id":"https:\/\/certera.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/certeraLLC\/","https:\/\/x.com\/certera_llc","https:\/\/www.linkedin.com\/company\/certera-llc\/"]},{"@type":"Person","@id":"https:\/\/certera.com\/kb\/#\/schema\/person\/c25e1519e333a817f30c805384cba014","name":"certerakbdbuser","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1fba817ef81065f1393461fc3a0d85c40f2cc826919819ea4df4b12d76566e62?s=96&d=mm&r=g","caption":"certerakbdbuser"},"sameAs":["https:\/\/certerakb.ssltoolsonline.com"],"url":"https:\/\/certera.com\/kb\/author\/certerakbdbuser\/"}]}},"_links":{"self":[{"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/posts\/1781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/comments?post=1781"}],"version-history":[{"count":4,"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/posts\/1781\/revisions"}],"predecessor-version":[{"id":2322,"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/posts\/1781\/revisions\/2322"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/media\/1783"}],"wp:attachment":[{"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/media?parent=1781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/categories?post=1781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certera.com\/kb\/wp-json\/wp\/v2\/tags?post=1781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}