Summary: GreyNoise researchers revealed that the Chinese state-sponsored threat group, Salt Typhoon, has been actively exploiting two Cisco vulnerabilities, CVE-2018-0171 and CVE-2023-20198, in attacks against telecom companies. The vulnerabilities, affecting Cisco IOS and IOS XE software, have been linked to significant breaches and unauthorized access to sensitive information. Ongoing threat activity was observed, highlighting a broader concern regarding Cisco vulnerabilities being targeted by malicious actors.
Affected: Cisco systems
Key points:
- Active exploitation of CVE-2018-0171 and CVE-2023-20198 has been reported by GreyNoise and Recorded Future.
- Salt Typhoon exploited these vulnerabilities to breach multiple telecom providers, including U.S. companies.
- 110 malicious IPs were identified targeting CVE-2023-20198, originating from countries including Bulgaria, Brazil, and Singapore.