A newly disclosed vulnerability in Cisco IOS and IOS XE Software, CVE-2023-20109, could allow an attacker to execute arbitrary code on an affected device, effectively taking full control of it, or to crash the device and cause a denial of service (DoS). It was one of eight vulnerabilities detailed in Cisco's latest semi-annual IOS and IOS XE Security Advisory Bundled Publication, released on September 27. Notably, Cisco's advisory says the company is already aware of at least one attempted exploitation of CVE-2023-20109, which is why the flaw is being described as a zero-day.
Cisco confirmed the vulnerabilities and stated they have released software updates to address them. The company advised users to refer to the specific security advisory for more details. Tim Silverline, Vice President of Security at Gluware, commented on the situation, suggesting that while the vulnerability is not to be overlooked, it doesn't warrant panic. He emphasized that if a malicious actor already has full access to the target environment, it's likely that the system is already compromised.
The vulnerability sits in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols used by Cisco's Group Encrypted Transport VPN (GET VPN) feature, and stems from insufficient validation of protocol attributes. It is not exploitable by an outsider: the attacker needs administrative control of either a GET VPN key server or a group member, so they must already have a foothold in the environment. From there, there are two paths: compromising an installed key server and sending malformed GDOI or G-IKEv2 messages to the group members that trust it, or modifying a group member's configuration so that it registers with a key server the attacker controls. Either path requires a compromised key server or a changed group-member configuration, which is where hardening and configuration auditing should focus.
On the same day of the semi-annual security publication, US and Japanese authorities issued a joint warning about a Chinese state-sponsored Advanced Persistent Threat (APT) group altering Cisco firmware in attacks against large, multinational organizations. Silverline dismissed this as a coincidence, stating that new vulnerabilities from major vendors like Cisco are common, and that the occurrence of two events in two days doesn't indicate a new trend.
Silverline observed that attacks are becoming more sophisticated and that vulnerabilities are being exploited more rapidly. He pointed out that edge technologies are particularly attractive to attackers because of their exposure to the wider web and their sometimes weaker security protections. Silverline recommended a few best practices: preventing network devices from initiating outbound communications, using network automation capabilities to verify and enforce configurations across the network, and employing audit capabilities to alert network teams to any policy violations or configuration changes.
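As a concrete form of the configuration audit recommended above, and of the key-server reconfiguration path that CVE-2023-20109 relies on, here is an added example in Python. It is not Cisco's, Gluware's or the article's code. It parses the `crypto gdoi group` stanzas out of a collected IOS/IOS XE running-config and compares each group member's configured key server addresses, identity number and role against a baseline held outside the device (the kind of source of truth a network automation system keeps). The group name, identity number, addresses, hostnames and the running-config excerpts are all constructed for the example.

```python
"""Audit GET VPN group-member configuration for unapproved key servers.

Added example (not Cisco or Gluware code). Assumes the running-config has
already been collected as text by an automation tool, and that the approved
per-group state comes from a baseline kept off the device.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class GdoiGroup:
    """One 'crypto gdoi group' stanza as seen on a device."""
    name: str
    identity: Optional[str] = None
    key_servers: List[str] = field(default_factory=list)  # 'server address ipv4 ...'
    is_key_server: bool = False                            # 'server local' present


def parse_gdoi_groups(config: str) -> Dict[str, GdoiGroup]:
    """Extract GDOI group stanzas from IOS/IOS XE running-config text.

    Top-level commands start in column 0 and a stanza body is indented, so the
    parser stays inside a group until the next unindented line (including '!').
    """
    groups: Dict[str, GdoiGroup] = {}
    current: Optional[GdoiGroup] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith(" "):  # new top-level stanza ends the previous one
            m = re.match(r"crypto gdoi group (\S+)$", line)
            current = GdoiGroup(m.group(1)) if m else None
            if current is not None:
                groups[current.name] = current
            continue
        if current is None:
            continue
        body = line.strip()
        if body.startswith("identity number "):
            current.identity = body.split()[-1]
        elif (m := re.match(r"server address ipv4 (\S+)$", body)):
            current.key_servers.append(m.group(1))
        elif body == "server local":
            current.is_key_server = True
    return groups


# Approved state per group, from the automation system's source of truth,
# never from the device itself (constructed example values).
BASELINE = {
    "GETVPN-CORP": {
        "identity": "1234",
        "key_servers": {"10.0.0.1", "10.0.0.2"},
        "role": "member",  # this device must never turn into a key server
    },
}


def audit_getvpn(config: str, baseline=BASELINE) -> List[str]:
    """Return human-readable findings; an empty list means the config matches."""
    findings: List[str] = []
    groups = parse_gdoi_groups(config)
    for name, want in baseline.items():
        got = groups.get(name)
        if got is None:
            findings.append(f"{name}: GDOI group missing from running-config")
            continue
        if got.identity != want["identity"]:
            findings.append(f"{name}: identity number {got.identity} != {want['identity']}")
        # A group member pointed at a key server the baseline does not know is
        # exactly the reconfiguration an attacker with admin access would make.
        for ks in sorted(set(got.key_servers) - want["key_servers"]):
            findings.append(f"{name}: unapproved key server {ks}")
        for ks in sorted(want["key_servers"] - set(got.key_servers)):
            findings.append(f"{name}: approved key server {ks} removed")
        if want["role"] == "member" and got.is_key_server:
            findings.append(f"{name}: device now runs 'server local' (acts as key server)")
    for name in sorted(groups.keys() - baseline.keys()):
        findings.append(f"{name}: GDOI group not in baseline")
    return findings


# Constructed running-config excerpts: CLEAN is the approved state, TAMPERED
# adds a third key server address that the baseline does not list.
CLEAN_CONFIG = """\
hostname gm-branch-01
!
crypto gdoi group GETVPN-CORP
 identity number 1234
 server address ipv4 10.0.0.1
 server address ipv4 10.0.0.2
!
crypto map GETVPN-MAP 10 gdoi
 set group GETVPN-CORP
!
"""

TAMPERED_CONFIG = CLEAN_CONFIG.replace(
    " server address ipv4 10.0.0.2\n",
    " server address ipv4 10.0.0.2\n server address ipv4 192.0.2.50\n",
)

if __name__ == "__main__":
    for label, cfg in (("clean", CLEAN_CONFIG), ("tampered", TAMPERED_CONFIG)):
        print(label, audit_getvpn(cfg) or ["OK"])
```

Run it against configs pulled by whatever automation already collects them; a non-empty findings list is the alert the network team should see. The check is deliberately one-directional: the baseline is trusted and the device is not, so a key server address that appears only on the device is flagged rather than learned.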