Cisco iOS XE uses a Lua app server for it's HTTP(S) interface. Not sure if it's a custom in-house, COTS, or implementation of one of those FOSS Lua app servers. I suppose it's worthwhile exploring if any of these app servers are vulnerable to the same type of exploitation[0].<p>>"The implant is based on the Lua programming language"<p>>The implant is saved in the file path “/usr/binos/conf/nginx-conf/cisco_service.conf.”<p>[0] <a href="https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/#:~:text=The%20implant%20is%20based%20on%20the%20Lua%20programming%20language" rel="nofollow noreferrer">https://arstechnica.com/security/2023/10/actively-exploited-...</a>