Cisco releases security advisory following cyber threat to software

  • 19 October 2023
Cisco releases security advisory following cyber threat to software

Cisco has released a security advisory following a cyber threat to its IOS EX Software, which without action could leave customers vulnerable.

At 4.50pm yesterday (17 October), Cisco released the following statement on the NHS England cyber page:

“Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks.

“This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access.

“The attacker can then use that account to gain control of the affected system. For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory Cisco will provide updates on the status of this investigation and when a software patch is available.”

Cisco has provided remediation advice and steps, with the main one being that “customers disable the HTTP Server feature on all internet-facing systems”.

Paul Barnes, head of operations and engagement, cyber security at NHS England, confirmed on LinkedIn that NHSE have released a High Severity Alert to the health and care system in England.

“There is currently no patch, just mitigating actions. The impacted equipment is widely used globally and Cisco has already seen equipment actively exploited in the wild,” he said.

Cisco were approached by Digital Health News for further comment on the matter but are yet to respond.

Cyber security continues to be a pressing issue for the NHS and wider UK healthcare sector. However, a new report from iomart and Oxford Economics has recently revealed that more than half (56%) of UK healthcare businesses are seeing an increase in cyber threats and AI could be the solution.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Barts Health rolls out Cynerio cyber security platform

Barts Health rolls out Cynerio cyber security platform

Barts Health NHS Trust has rolled out Cynerio’s healthcare-focused cyber security platform across all of its sites.
NHS England’s cyber chief Mike Fell announced for Rewired 2025

NHS England’s cyber chief Mike Fell announced for Rewired 2025

Mike Fell, national cyber operations executive director at NHS England will deliver a national keynote at Digital Health Rewired 2025.
NHSE announces digital eye screening plans for diabetes patients

NHSE announces digital eye screening plans for diabetes patients

NHS England has announced plans to provide digital eye scans in the community for diabetes patients, helping to prevent sight loss.

1 Comments

  • I’m glad to see that Cisco is taking proactive steps to address the cyber threat to its software. In today’s interconnected world, cybersecurity is of utmost importance, and it’s reassuring to know that companies like Cisco are actively monitoring and responding to potential threats.

Comments are closed.