October 24, 2023 at 12:37PM

A backdoor is implanted on Cisco devices by exploiting a pair of zero-day flaws in IOS XE software that has been modified by the threat actor so as to escape visibility via previous fingerprinting methods.

The attacks entail fashioning CVE-2023-20198 (CVSS score: 10.0) and CVE-2023-20273 (CVSS score: 7.2) into an exploit chain that grants the threat actor the ability to gain access to the devices, create a privileged account, and ultimately deploy a Lua-based implant on the devices.