A vulnerability was identified in Cisco IOS XE system. A remote attacker could exploit this vulnerability to trigger elevation of privilege on the targeted system.

The company says the critical vulnerability tracked as (CVE-2023-20198) only affects devices running with the Web User Interface (Web UI) feature enabled, which also have the HTTP or HTTPS Server feature toggled on. Cisco company cautioned administrators to disable the HTTP server feature on all vulnerable internet-facing systems until a patch becomes available.

Detailed information on vulnerability can be found in Cisco security advisory – cisco.com.