Cisco recently disclosed a new high severity vulnerability which affects Web UI feature of Cisco IOS XE devices.

This newly identified flaw tracked as CVE-2023-20273, is actively being exploited to deploy malicious implants on IOS XE devices.

This vulnerability is linked with another zero-day vulnerability (CVE-2023-20198) that was disclosed earlier by Cisco. The advisory updates the guidance given earlier in SQTK_ADV_2023_0051 – Vulnerability in Cisco IOS XE.

According to Cisco, fixes for both CVE-2023-20198 and CVE-2023-20273 are now available.