Cisco releases security advisory following cyber threat to software

  • 19 October 2023
Cisco releases security advisory following cyber threat to software

Cisco has released a security advisory following a cyber threat to its IOS EX Software, which without action could leave customers vulnerable.

At 4.50pm yesterday (17 October), Cisco released the following statement on the NHS England cyber page:

“Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

“This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

“The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory Cisco will provide updates on the status of this investigation and when a software patch is available.”

Cisco has provided remediation advice and steps, with the main one being that “customers disable the HTTP Server feature on all internet-facing systems”.

Paul Barnes, head of operations and engagement, cyber security at NHS England, confirmed on LinkedIn that NHSE have released a High Severity Alert to the health and care system in England.

“There is currently no patch, just mitigating actions. The impacted equipment is widely used globally and Cisco has already seen equipment actively exploited in the wild,” he said.

Cisco were approached by Digital Health News for further comment on the matter but are yet to respond.

Cyber security continues to be a pressing issue for the NHS and wider UK healthcare sector. However, a new report from iomart and Oxford Economics has recently revealed that more than half (56%) of UK healthcare businesses are seeing an increase in cyber threats and AI could be the solution.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Synnovis attack led to at least five cases of ‘moderate’ patient harm

Synnovis attack led to at least five cases of ‘moderate’ patient harm

The Synnovis cyber attack led to at least 119 incidents of patient harm, including at least five cases of 'moderate harm', figures show.
Facial recognition tech for pain management trialled in Bedfordshire

Facial recognition tech for pain management trialled in Bedfordshire

Facial recognition technology for pain management is being trialled at residential and nursing homes in Bedfordshire, Luton and Milton Keynes.
UK government to create surveillance system for future pandemics

UK government to create surveillance system for future pandemics

The UK government has announced plans to create a real-time surveillance system to monitor the threat of future pandemics and prevent disease.

1 Comments

  • I’m glad to see that Cisco is taking proactive steps to address the cyber threat to its software. In today’s interconnected world, cybersecurity is of utmost importance, and it’s reassuring to know that companies like Cisco are actively monitoring and responding to potential threats.

Comments are closed.