Cisco warns of vulnerabilities in iOS and iOS XE software after exploitation attempts

Cisco is warning of an attempted exploitation of a security flaw in its IOS software and IOS XE software that ....

by Vikash Kumawat
0 comment 112 views

Cisco is warning of an attempted exploitation of a security flaw in its IOS software and IOS XE software that could allow an authenticated remote attacker to achieve remote code execution on an affected system.

The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. This affects all versions of the software that have the GDOI or G-IKEv2 protocol enabled.

The company said the flaw “could allow an authenticated, remote attacker, who has administrative control of a group member or key server, to execute arbitrary code on an affected device or cause the device to crash.”

It further states that the issue is a result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature and can be weaponized by compromising the installed key server or modifying the configuration of a group member points to a key server that is controlled by the attacker.

The vulnerability is said to have been discovered following an internal investigation and source code audit initiated after “an attempt to exploit the GET VPN feature”.

The revelation comes as Cisco detailed a set of five flaws in Catalyst SD-WAN Manager (versions 20.3 to 20.12) that could allow an attacker to access an affected instance or cause a denial of service (DoS) condition on an affected system –

  • CVE-2023-20252 (CVSS score: 9.8) – Unauthorized Access Vulnerability
  • CVE-2023-20253 (CVSS score: 8.4) – Unauthorized Configuration Rollback Vulnerability
  • CVE-2023-20034 (CVSS score: 7.5) – Information Disclosure Vulnerability
  • CVE-2023-20254 (CVSS score: 7.2) – Authorization Bypass Vulnerability
  • CVE-2023-20262 (CVSS score: 5.3) – Denial-of-Service Vulnerability

Successful exploitation of the bugs could allow the threat actor to gain unauthorized access to the application as an arbitrary user, bypass authorization and roll back controller configurations, access the Elasticsearch database of an affected system, access another tenant managed by the same instance, and cause a crash.

Customers are advised to upgrade to a certain software release to fix vulnerabilities.

You may also like

Leave a Comment

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Update Required Flash plugin