Multiple (also critical) vulnerabilities were found in Cisco IOS XE Software Web UI that effect devices with HTTP in HTTPS protocols enabled and exposed to the Internet. The most critical is vulnerability CVE-2023-20198 with CVSS score 10.0, which allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. Details are available in the Cisco Security Advisory and in the Cisco Thalos threat advisory.