CVE-2023-20109

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 6 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.63%

probability

This CVE has a 0.63% probability of being exploited in the next 30 days.

0% Top 70.6th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime CWE-787 · Out-of-bounds Write

Cisco warns of new IOS XE zero-day actively exploited in attacks

BleepingComputer Oct 16, 2023

Cisco discloses new IOS XE zero-day exploited to deploy malware implant

BleepingComputer Oct 20, 2023

Over 10,000 Cisco devices hacked in IOS XE zero-day attacks

BleepingComputer Oct 17, 2023

Cisco urges admins to fix IOS software zero-day exploited in attacks

BleepingComputer Sep 28, 2023

Cisco Releases Urgent Patch to Fix Critical Flaw in Emergency Responder Systems

TheHackerNews

Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

TheHackerNews

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.63%

Mentions 6

Last Seen Oct 20, 2023

CNA Information

Analyst Note

Multiple high-scoring BleepingComputer articles explicitly state CVE-2023-20109 is a Cisco IOS XE zero-day actively exploited in the wild to deploy malware and compromise over 10,000 devices. The language 'zero-day actively exploited' and 'exploited in attacks' with no evidence of prior patching strongly indicates exploitation preceded patch availability.