Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which may allow attackers to insert malicious code that can’t be deleted by simply rebooting the device or updating its firmware.
“In this case, the command injection bypasses mitigations Cisco has in place to ensure vulnerabilities do not persist in a system. Side-stepping this security measure means that if an attacker exploits this vulnerability, the malicious package will keep running until the device is factory reset or until it is manually deleted,” according to Trellix vulnerability researchers Sam Quinn and Kasimir Schulz.