Hundreds of Australian Devices Compromised with BadCandy Implant

The Australian cyber agency warns that over 150 devices in the country remain compromised with the BadCandy implant, two years after Cisco released patches for the underlying vulnerability. The case highlights the ongoing challenge of patch management for network edge devices and shows how unpatched devices are simply re-exploited after the implant is cleared. #BadCandy #CVE-2023-20198 #CiscoIOSXE

Keypoints

  • BadCandy is a Lua-based web shell implant deployed on Cisco IOS XE devices by exploiting CVE-2023-20198, a vulnerability in the IOS XE web UI.
  • The vulnerability allows an unauthenticated attacker to create a privilege-level-15 (fully privileged) local account, granting full control over the affected device.
  • Over 150 Australian devices remain compromised despite patches being available and owners being notified, illustrating systemic patching issues.
  • Both criminal and state-sponsored actors exploit this class of vulnerability for espionage, disruption, or criminal activities.
  • Detection includes reviewing privileged local accounts, unexpected tunnel interfaces, configuration-change logs, and the specific implant files the advisory describes.
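
The config and log review described in the last point can be scripted against exported device output. The following is an added example, not code from the original article or from the Australian agency's advisory: it parses a constructed, abbreviated IOS XE `show running-config` and a few constructed syslog lines, and flags privilege-15 accounts, tunnel interfaces and configuration-change events that are absent from an operator-maintained baseline. The hostname, usernames, addresses and baseline are invented for the example and are not published BadCandy indicators; the `ip http server` check reflects Cisco's general guidance to disable the web UI where it is not needed.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: abbreviated "show running-config" from a hypothetical device.
# The second privilege-15 user and Tunnel99 are invented for the example only.
SAMPLE_RUNNING_CONFIG = """\
hostname edge-rtr-01
username netadmin privilege 15 secret 9 $9$examplehash1
username cisco_tac_admin privilege 15 secret 9 $9$examplehash2
ip http server
ip http secure-server
interface GigabitEthernet0/0/0
 ip address 192.0.2.1 255.255.255.0
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.20
interface Tunnel99
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.77
"""

# Constructed sample syslog: IOS XE emits %SYS-5-CONFIG_I on each config change.
SAMPLE_SYSLOG = """\
Oct 31 02:14:07 edge-rtr-01 123: %SYS-5-CONFIG_I: Configured from console by netadmin on vty0 (192.0.2.50)
Oct 31 03:41:22 edge-rtr-01 124: %SYS-5-CONFIG_I: Configured from console by cisco_tac_admin on vty1 (203.0.113.77)
"""

# Baseline the operator maintains of what is expected on this device (hypothetical).
BASELINE = {
    "privileged_users": {"netadmin"},
    "tunnels": {"Tunnel0"},
}

USER_RE = re.compile(r"^username (\S+) privilege (\d+)", re.MULTILINE)
TUNNEL_RE = re.compile(r"^interface (Tunnel\d+)", re.MULTILINE)
HTTP_RE = re.compile(r"^ip http (?:secure-)?server$", re.MULTILINE)
CONFIG_I_RE = re.compile(
    r"%SYS-5-CONFIG_I: Configured from \S+ by (\S+) on (\S+) \(([^)]+)\)"
)


@dataclass
class Findings:
    unexpected_priv15_users: set[str] = field(default_factory=set)
    unexpected_tunnels: set[str] = field(default_factory=set)
    web_ui_enabled: bool = False


def review_config(config: str, baseline: dict) -> Findings:
    """Compare a running-config against the baseline and return deviations."""
    findings = Findings()
    for user, priv in USER_RE.findall(config):
        # Any full-privilege local account not in the baseline is suspicious.
        if int(priv) >= 15 and user not in baseline["privileged_users"]:
            findings.unexpected_priv15_users.add(user)
    for tunnel in TUNNEL_RE.findall(config):
        if tunnel not in baseline["tunnels"]:
            findings.unexpected_tunnels.add(tunnel)
    # The vulnerable component is the web UI; it should be off unless required.
    findings.web_ui_enabled = HTTP_RE.search(config) is not None
    return findings


def suspicious_config_events(syslog: str, baseline: dict) -> list[tuple[str, str]]:
    """Return (user, source address) for config changes by non-baseline users."""
    return [
        (user, source)
        for user, _line, source in CONFIG_I_RE.findall(syslog)
        if user not in baseline["privileged_users"]
    ]


if __name__ == "__main__":
    result = review_config(SAMPLE_RUNNING_CONFIG, BASELINE)
    print("unexpected privilege-15 users:", sorted(result.unexpected_priv15_users))
    print("unexpected tunnel interfaces:", sorted(result.unexpected_tunnels))
    print("web UI enabled:", result.web_ui_enabled)
    for user, source in suspicious_config_events(SAMPLE_SYSLOG, BASELINE):
        print(f"config change by non-baseline user {user} from {source}")
```

A hit on any of these checks is a reason to pull the device for the implant-file checks in the vendor advisory rather than proof of compromise on its own; the point of the baseline is that an attacker-created account or tunnel looks perfectly legitimate in isolation.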

Read More: https://thecyberexpress.com/150-australian-devices-have-badcandy-implant/