cve-2023-20273

About this tag
CVE-2023-20273 is a vulnerability affecting Cisco IOS XE software that has been exploited by China-linked state actors in targeted attacks against core routers and networking equipment. The advisory highlights how adversaries weaponize unpatched, Internet-facing infrastructure, abusing built-in router features such as SPAN/ERSPAN, Embedded Packet Capture, Guest Shell, containers, SNMP, and TACACS+/RADIUS to capture subscriber metadata, intercept authentication traffic, and establish persistent covert collection paths across peering and transit links. Discussions on WindowsForum.com focus on the exploitation of this CVE in the context of global espionage campaigns, emphasizing the need for timely patching and network hardening to mitigate risks from advanced persistent threats targeting backbone and edge networking devices.
  1. China-Linked APT Attacks Target Core Routers: CVEs, Persistence, and Mitigations

    China-linked state actors have spent the last several years systematically compromising backbone and edge networking equipment — from provider-edge routers to customer-facing devices — to build a global espionage capability that steals subscriber metadata, intercepts authentication traffic, and...