Cyber Risk

Tue, Nov 7, 2023

SkeletonXE - Responding to the CISCO Vulnerability (CVE-2023-20198)

/en/our-team/george-glassGeorge Glass

George Glass

/en/our-team/laurie-iaconoLaurie Iacono

Laurie Iacono

Ryan Hicks

Ryan Hicks

On October 16, 2023, Kroll Cyber Threat Intelligence (CTI) analysts were made aware of an ongoing exploitation of a recently discovered vulnerability within the web user interface (UI) functionality of Cisco IOS XE (CVE-2023-20198). This security flaw is critical with a CVSS score of 10.

Score Range
Severity Category

0.0

None

0.1 – 3.9

Low

4.0 – 6.9

Medium

7.0 – 8.9

High

9.0 – 10.0

Critical

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.

Cyber Risk

Virtual CISO (vCISO) Advisory Services

Kroll’s Virtual CISO (vCISO) services help executives, security and technology teams safeguard information assets while supporting business operations with augmented cyber expertise to reduce business risk, signal commitment to data security and enhance overall security posture.

Virtual CISO (vCISO) Advisory Services

Cyber Vulnerability Assessment

Proactively identify vulnerable systems and devices that may be exploited by an attacker or malicious software, often resulting in data loss or breach.

Cyber Vulnerability Assessment

Data Breach Notification Letters

Kroll will work with your team to implement a personalized, plain-language notification letter that provides pertinent information and maintains message control.

Data Breach Notification Letters

Cyber Threat Intelligence

Threat intelligence are fueled by frontline incident response intel and elite analysts to effectively hunt and respond to threats.

Cyber Threat Intelligence
Explore Insights
The State of Cyber Defense 2023: Detection and Response Maturity Model
Managed Detection and Response

The State of Cyber Defense 2023: Detection and Response Maturity Model

September 26, 2023
Kroll Launches Detection and Response Maturity Model and Finds 91% of Businesses Overestimate Their Cyber Maturity, Increasing Their Vulnerability to Cyberattacks
Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021
Threat Intelligence

Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021

June 8, 2023

by Scott Downie, Laurie Iacono, Dan Cox

Responding Critical Moveit Transfer Vulnerability CVE 2023 34362
MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method
Threat Intelligence

MOVEit Vulnerability Investigations Uncover Additional Exfiltration Method

July 24, 2023

by Steven Coffey, Josh Mitchell, Dan Cox

MOVEit Vulnerability Investigations Uncover New Hidden Exfiltration Method
Rise in MFA Bypass Leads to Account Compromise
Cyber

Rise in MFA Bypass Leads to Account Compromise

October 30, 2023

by Marc Brawner, Keith Wojcieszek, George Glass, Ryan Hicks

Rise in MFA Bypass Leads to Account Compromise

Kroll is headquartered in New York with offices around the world.

55 East 52nd Street 17 Fl
New York NY 10055
+1 212 593 1000
Sign up to receive periodic news, reports, and invitations from Kroll. Our privacy policy describes how your data will be processed.

More About Kroll

More About Kroll
© 2024 Kroll, LLC. All rights reserved. Kroll is not affiliated with Kroll Bond Rating Agency, Kroll OnTrack Inc. or their affiliated businesses. Read more.
Return to top