Patches Released For The Actively Exploited Cisco IOS XE Zero-Day Flaws

Days after back-to-back disclosures about actively exploited zero-day vulnerabilities, Cisco has finally patched them with the latest IOS XE software release. Given the severity of the matter and to avoid potential risks, users must rush to update their systems accordingly.

Cisco IOS XE Zero-Day Flaws Fixed

Cisco recently disclosed two zero-day vulnerabilities in the IOS XE software that they found under active attack.

After publicly disclosing the flaws while suggesting mitigations, Cisco pledged to release the patches soon. And now, the firm has started rolling out the patches with updated IOS XE versions.

While one of these updates, IOS XE 17.9.4a, is now publicly available, the patches for older versions are yet to be released. Following is a breakdown of the patch releases shared in Cisco’s advisory.

Cisco IOS XE Software Release Train First Fixed Release Available
17.9 17.9.4a Yes
17.6 17.6.6a TBD
17.3 17.3.8a TBD
16.12 (Catalyst 3650 and 3850 only) 16.12.10a TBD

Cisco IOS XE software had two severe vulnerabilities that can be chained in an exploit to allow unrestricted access to an adversary. Reports suggested that the criminal hackers successfully exploited the vulnerabilities to target around 60,000 devices. Though Cisco had shared mitigations, the hackers still managed to target vulnerable devices with malicious implants before the users could protect their systems.

However, as the vulnerabilities drew attention and the exploitation attempts became visible, the attackers were seemingly alerted. According to the security firm FOX-IT, the attackers updated their malicious implants to avoid detection.

We have observed that the implant placed on tens of thousands of Cisco devices has been altered to check for an Authorization HTTP header value before responding.

The researchers have shared dedicated IOS XE implant scanning methods on GitHub to facilitate the users in scanning their systems. That even includes methods to scan for malicious implants after the update.

Given that the threat isn’t over, IOS XE users must update their devices with the latest software updates to avoid any exploits. In the cases where an immediate patch isn’t possible or available, users should apply the recommended mitigations.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients