CGSI network spotted Cisco Devices Compromise through IOS XE Zero-Day Vulnerability (CVE-2023-20198)
Common Information
Type Value
UUID 1fae2415-395c-4a05-bb95-d47292784ad7
Fingerprint ac88bd87e9038ba9
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 19, 2023, midnight
Added to db Nov. 20, 2023, 1:04 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Detected Hints/Tags/Attributes 46/2/17
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 98 Cyble https://cyble.com/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 117
cve-2023-20198
Details CVE 24
cve-2021-1435
Details Domain 261
blog.talosintelligence.com
Details Domain 4128
github.com
Details File 23
logoutconfirm.html
Details Github username 5
vulncheck-oss
Details IPv4 12
5.149.249.74
Details IPv4 12
154.53.56.231
Details IPv4 1
172.104.131.24
Details IPv4 1
170.64.204.42
Details IPv4 1
138.197.200.139
Details IPv4 1
143.110.186.105
Details Url 4
https://systemip/webui/logoutconfirm.html?logon_hash=1
Details Url 11
https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iosxe-webui-privesc-j22saa4z
Details Url 6
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software
Details Url 1
https://socradar.io/cisco-warns-of-exploitation-of-a-maximum-severity-zero-day-vulnerability-in-ios-xe-cve-2023-20198
Details Url 1
https://github.com/vulncheck-oss/cisco-ios-xe-implant-scanner