"Vulnerability in Cisco Industrial Appliances Is a Potential Nightmare"

Some of Cisco's industrial routers, gateways, and enterprise wireless access points were discovered to contain a high-severity vulnerability, tracked as CVE-2023-20076. This now-patched vulnerability could be used to inject malicious code that cannot be removed by merely rebooting or updating the device's firmware. Though attackers must first get authenticated administrator access to a vulnerable device in order to exploit it, successful phishing attacks, default login credentials, and privilege escalation flaws are not as uncommon as one might hope and might pave the way for exploitation. Researchers found the vulnerability in a Cisco ISR 4431 router, specifically in the Cisco IOx application hosting environment, which enables administrators to deploy application containers or virtual machines directly on Cisco devices. It has been discovered that the issue affects additional Cisco solutions. This article continues to discuss the high-severity vulnerability discovered in Cisco industrial appliances. 

Help Net Security reports "Vulnerability in Cisco Industrial Appliances Is a Potential Nightmare"