Cisco discloses new IOS XE zero-day exploited to deploy malware implant

Cisco revealed it faces a high-severity zero-day (CVE-2023-20273) issue being actively exploited by hackers deploying malicious implants on IOS XE devices, with around 40,000 devices already compromised. Cisco says it will release fixes for two zero-day vulnerabilities via the Cisco Software Download Center from 22 October. Admins are being urged to disable the vulnerable HTTP server feature on internet-facing systems and check for suspicious user accounts.