A patch for the CVE-2023-20198 max severity zero-day flaw is on the way, but the bug has already compromised tens of thousands of Cisco systems. There’s also a fresh unpatched threat. CVE-2023-20198, the first Cisco zero-day flaw, was announced on Oct. 16 and has a severity rating of 10 out of 10. It had already allowed threat actors to compromise over 10,000 Cisco devices before it was found.
Cisco also clarified an earlier report on the first bug: the threat actor was considered to have paired the new zero-day with a known and patched vulnerability from 2021, raising the prospect of a patch bypass issue.