⚠ Actively exploited
Added to CISA KEV on 2023-10-23. Federal agencies required to patch by 2023-10-27. Required action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

CVE-2023-20273: OS Command Injection in Cisco IOS XE

Severity: 7.2 HIGH (NVD)
EPSS: 92.4% (top 0.27%)
CISA KEV: Added 2023-10-23, Due 2023-10-27
Exploit: Exploited in wild. Active exploitation observed.

Timeline
KEV added: Oct 23
Published: Oct 25
KEV due: Oct 27
Latest update: Feb 19

Description

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5: cisco/cisco_ios_xe_software, 186 versions
NVD: cisco/ios_xe 17.3 17.3.8a

🔴 Vulnerability Details (3)

GHSA (2023-10-25): GHSA-xm3x-5hpf-5369: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of
CVEList (2023-10-24): CVE-2023-20273: A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of
VulnCheck (2023): Cisco IOS XE Web UI Command Injection Vulnerability

💥 Exploits & PoCs (2)

Metasploit: Cisco IOX XE unauthenticated OS command execution
Metasploit: Cisco IOX XE Unauthenticated RCE Chain

🔍 Detection Rules (1)

Suricata (2023-11-01): ET EXPLOIT Cisco IOS XE Web UI Command Injection Vulnerability (CVE-2023-20273)

📋 Vendor Advisories (2)

CISA (2023-10-23): Cisco IOS XE Web UI Command Injection Vulnerability
Cisco (2023-10-16): Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature

🕵️ Threat Intelligence (3)

Bleepingcomputer (2025-02-14): Chinese hackers breach more US telecoms via unpatched Cisco routers
Bleepingcomputer (2023-10-23): Cisco patches IOS XE zero-days used to hack over 50,000 devices
Bleepingcomputer (2023-10-20): Cisco discloses new IOS XE zero-day exploited to deploy malware implant

💬 Community (1)

HackerOne (2025-02-19): Cisco IOS XE instance at ████ vulnerable to CVE-██████