Cisco Finds New Zero-Day Bug, Pledges Patches in Days

Published: 23/11/2024   Category: security




A patch for the max-severity zero-day bug tracked as CVE-2023-20198 is coming soon, but the bug has already led to the compromise of tens of thousands of Cisco devices. And now, there's a new unpatched threat.



Cisco said a patch for two actively exploited zero-day flaws in its IOS XE devices is scheduled to drop on Oct. 22.
The first Cisco zero-day bug, tracked under CVE-2023-20198, was announced on Oct. 16 and has a severity rating of 10 out of 10. At the time it was discovered, it had already allowed threat actors to compromise more than 10,000 Cisco devices.
On Oct. 19, Cisco said it believed the cyberattacks against its IOS XE devices were all being carried out by the same threat actor.
Now, in an Oct. 20 update to its threat advisory, Cisco reported there's another previously unknown flaw involved, tracked under CVE-2023-20273 — it carries a slightly less scary CVSS score of 7.2.
Both are being used in the same exploit chain. Threat actors used the first bug for initial access, and the second to escalate privileges once authenticated, according to an emailed statement from Cisco announcing the coming patch release.
Cisco also added another clarification from its earlier reporting on the first bug: it was thought in the early response that the threat actor had combined the new zero-day with a known and patched vulnerability from 2021, raising the specter of a patch bypass issue. But Cisco has now dismissed that theory, according to a statement from the company.
"The CVE-2021-1435 that had previously been mentioned is no longer assessed to be associated with this activity," it said.
As Cisco continues to wrap its arms around the breadth of the threat, cybersecurity expert and consultant Immanuel Chavoya expects to see a spike in malicious activity against vulnerable devices in the lead-up to the release of the updated version.
"Active exploitation will continue and lead to ransomware probably over this weekend, as threat actors rush to capitalize before any patch or remediation," he predicts.
But beyond the short term, Chavoya is dubious many Cisco customers will take the necessary steps to remediate.
"I can tell you from experience many customers do not or will never patch — and are absolutely unaware of the exploitation status currently (SMBs, etc.) — and so thus, exploitation will continue for months or years."
