🧟 Cisco CVE-2023-20198 - Or how to create your own botnet?

Introduction

On October 16, 2023, Cisco disclosed a critical privilege elevation vulnerability via the web interface under the identifier CVE-2023-20198 with a CVSS score of 10.

Cisco claims that the vulnerability is widely exploited. The vulnerability allows an unauthenticated attacker to create an account with maximum privileges. There is no patch for this vulnerability at the moment.