Cisco Issues Warning Regarding IOS and IOS XE Software Vulnerability Following Attempts at Exploitation
Cisco has issued a warning regarding attempts to exploit a security hole in its IOS and IOS XE software that might allow a remote, authenticated attacker to execute remote code on vulnerable devices.
With a CVSS score of 6.6, the medium-severity vulnerability is tracked as CVE-2023-20109. It affects all software versions with the GDOI or G-IKEv2 protocol enabled.
Manufacturer
This vulnerability “could allow an authenticated, remote attacker who has the authority of either a group member or a key server to perform arbitrary code on an infected device or cause the system to crash.” |
It also stated that the problem stems from inadequate attribute validation in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature and that it could be weaponized by either infiltrating a key server that has already been installed or changing the configuration of a group member to point to a key server under the attacker’s control.
Reports
The vulnerability was found as a result of an internal inquiry and source code audit that was sparked by an “attempted exploitation of the GET VPN feature.” |
The information was made public at the same time that Cisco described a set of five vulnerabilities in Catalyst SD-WAN Manager (versions 20.3 to 20.12) that might allow an attacker to access a vulnerable instance or result in a DoS condition on a vulnerable system. –
- CVE-2023-20252 (CVSS score: 9.8) – Unauthorized Access Vulnerability
- CVE-2023-20253 (CVSS score: 8.4) – Unauthorized Configuration Rollback Vulnerability
- CVE-2023-20034 (CVSS score: 7.5) – Information Disclosure Vulnerability
- CVE-2023-20254 (CVSS score: 7.2) – Authorization Bypass Vulnerability
- CVE-2023-20262 (CVSS score: 5.3) – Denial-of-Service Vulnerability
If the flaws are successfully exploited, the threat actor may be able to crash the system, access another tenant controlled by the same instance, bypass authorization and roll back controller configurations, and gain unauthorized access to the application as an arbitrary user.
To address the vulnerabilities, customers are advised to upgrade to a corrected software release.
About The Author
Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.
Read More Article Here: