TL;DR: Cisco identified active exploitation of a vulnerability in the Web UI for Cisco IOS XE software.
The details:
The vulnerability is in the Web UI and poses a risk when the web interface is publicly exposed. By exploiting it, an attacker can gain the highest level of access to the device.
Why we are telling you:
If your organization uses a device running Cisco IOS XE and its web interface is publicly accessible, the device is at risk. There is currently no patch available; the current recommendation is to disable the external-facing web interface or use access lists to restrict where the interface can be accessed from. (Note: It is best practice to restrict access to the web interface and prevent it from being publicly available.)
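One way to check saved device configurations against the recommendation above, as an added example that is not from Cisco or from the original notice. It assumes the standard IOS XE commands `ip http server`, `ip http secure-server` and `ip http access-class`, none of which are quoted on this page; the sample configurations, hostnames and ACL names are constructed.

```python
import re

# Constructed running-config excerpts for illustration (not from a real device).
SAMPLES = {
    "exposed": "hostname rtr-a\nip http server\nip http secure-server\n",
    "restricted": (
        "hostname rtr-b\nno ip http server\nip http secure-server\n"
        "ip http access-class ipv4 WEBUI-MGMT\n"
        "ip access-list standard WEBUI-MGMT\n permit 192.0.2.0 0.0.0.255\n"
    ),
    "dangling_acl": "hostname rtr-c\nip http secure-server\nip http access-class 10\n",
    "disabled": "hostname rtr-d\nno ip http server\nno ip http secure-server\n",
}

# Accepts both "access-class <acl>" and "access-class ipv4|ipv6 <acl>".
ACCESS_CLASS = re.compile(r"ip http access-class (?:(?:ipv4|ipv6) )?(\S+)")
ACL_DEF = re.compile(r"(?:ip |ipv6 )?access-list (?:standard |extended )?(\S+)")


def audit_webui(config: str) -> dict:
    """Classify Web UI exposure from the text of a running-config."""
    lines = [line.strip() for line in config.splitlines()]
    # Exact match, so "no ip http server" does not count as enabled.
    listeners = [c for c in ("ip http server", "ip http secure-server") if c in lines]
    acls = [m.group(1) for l in lines if (m := ACCESS_CLASS.fullmatch(l))]
    # An access-class only helps if the ACL it names is defined in the config.
    defined = {m.group(1) for l in lines if (m := ACL_DEF.match(l))}
    if not listeners:
        status = "disabled"      # Web UI off: the recommended state
    elif not acls:
        status = "exposed"       # Web UI on with no access list applied
    elif all(a in defined for a in acls):
        status = "restricted"    # Web UI on, limited by a defined access list
    else:
        status = "review"        # access-class points at an ACL that is missing
    return {"status": status, "listeners": listeners, "acls": acls}


if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        print(name, audit_webui(cfg))
```

A `restricted` result only confirms that an access list is attached and defined; the permitted source ranges in that list still need to be reviewed by hand.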
More Info / References:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z