
Cisco IOS XE CVE-2023-20198 Check

  • 17 October 2023

 

Hello, 

Cisco recently announced CVE-2023-20198, a vulnerability with a critical CVSS rating for IOS XE systems with a hardcoded default password in the web GUI. There is no fix available.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

 

Companies need to ensure this feature is set to OFF. Even with the rapid advisory, it takes security companies and aggregators a little bit of time to input new external data into the database, ourselves included. 

But maybe you need to know right now. The good news is that we already have the data; we just need to do a quick check. Check out the following NQE that you can search right now:

 

/* CVE-2023-20198 NQE check 
   16OCT2023 
   ForwardNetworks Community Portal
*/


http = `ip http server`;

http_active_none = `ip http active-session-modules none`;

https = `ip http secure-server`;

https_active_none = `ip http secure-active-session-modules none`;

foreach d in network.devices
where d.platform.os == OS.IOS_XE
let config_http = patternMatches(d.files.config, http)
let config_http_active_none = patternMatches(d.files.config, http_active_none)
let config_https = patternMatches(d.files.config, https)
let config_https_active_none = patternMatches(d.files.config, https_active_none)
where (length(config_http) != 0 && length(config_http_active_none) == 0) ||
      (length(config_https) != 0 && length(config_https_active_none) == 0)
select {
  cve: "CVE-2023-20198 Found",
  name: d.platform.managementIps,
  os: d.platform.os,
  config_http,
  config_http_active_none,
  config_https,
  config_https_active_none
}
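
The same test applied offline to a saved running-config, as an added Python example (not part of the original post and not Forward Networks code). The function names and the sample configurations are constructed for illustration; the four command strings are the ones the NQE above matches.

```python
import re

# (listener, command that enables it, command that disables its session modules)
CHECKS = [
    ("http", "ip http server", "ip http active-session-modules none"),
    ("https", "ip http secure-server", "ip http secure-active-session-modules none"),
]

# Constructed sample: HTTP is restricted, HTTPS is enabled with no restriction.
SAMPLE_EXPOSED = """\
hostname edge-rtr-01
!
ip http server
ip http active-session-modules none
ip http secure-server
!
"""

# Constructed sample: both listeners explicitly turned off.
SAMPLE_DISABLED = """\
hostname core-sw-02
!
no ip http server
no ip http secure-server
!
"""


def has_line(config, command):
    """True if `command` is a whole config line; 'no <command>' does not match."""
    pattern = rf"^[ \t]*{re.escape(command)}[ \t\r]*$"
    return re.search(pattern, config, re.MULTILINE) is not None


def web_ui_exposure(config):
    """Return the listeners that are enabled without the 'none' restriction."""
    return [
        name
        for name, enable, restrict in CHECKS
        if has_line(config, enable) and not has_line(config, restrict)
    ]


if __name__ == "__main__":
    for label, cfg in (("exposed", SAMPLE_EXPOSED), ("disabled", SAMPLE_DISABLED)):
        print(label, web_ui_exposure(cfg))
```
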
 
