Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could allow an authenticated remote attacker to achieve remote code execution on affected systems.
The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled.
The company said the shortcoming “could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected system or cause the system to crash.”
It further noted that the issue is the result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature, and that it could be weaponized either by compromising an installed key server or by modifying the configuration of a group member to point to a key server that is controlled by the attacker.
The vulnerability is said to have been discovered following an internal investigation and source code audit initiated after an “attempted exploitation of the GET VPN feature.”
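A defensive check for the exposure condition and the group-member vector described above, as an added example that is not from Cisco or the original article: it scans a saved running-config for GET VPN groups and flags group members that point to a key server outside an approved list. The `crypto gdoi group` / `crypto gkm group`, `server local` and `server address ipv4` lines are assumed IOS configuration syntax not shown in the article; `audit_getvpn`, the sample config and the approved-server list are constructed for illustration.

```python
import re

# Constructed sample running-config; not taken from any real device.
SAMPLE_CONFIG = """\
hostname branch-gm-01
!
crypto gdoi group GETVPN-A
 identity number 1001
 server address ipv4 10.0.0.1
 server address ipv4 203.0.113.50
!
crypto gkm group GETVPN-B
 identity number 1002
 server local
  address ipv4 10.0.0.2
!
interface GigabitEthernet0/0
"""

# Assumed IOS stanza syntax for GET VPN groups (GDOI and G-IKEv2).
GROUP_RE = re.compile(r"^crypto (gdoi|gkm) group (\S+)")
SERVER_RE = re.compile(r"^\s+server address ipv4 (\S+)")
LOCAL_RE = re.compile(r"^\s+server local\b")


def audit_getvpn(config, approved_key_servers):
    """Return one finding per GET VPN group in a saved running-config."""
    findings, current = [], None
    for line in config.splitlines():
        group = GROUP_RE.match(line)
        if group:
            current = {"group": group.group(2), "keyword": group.group(1),
                       "role": "unknown", "key_servers": [], "unapproved": []}
            findings.append(current)
        elif current is not None and line[:1] not in (" ", "\t"):
            current = None  # unindented line: the group stanza has ended
        elif current is not None and LOCAL_RE.match(line):
            current["role"] = "key-server"
        elif current is not None and SERVER_RE.match(line):
            address = SERVER_RE.match(line).group(1)
            current["role"] = "group-member"
            current["key_servers"].append(address)
            if address not in approved_key_servers:
                current["unapproved"].append(address)  # review this change
    return findings


if __name__ == "__main__":
    for finding in audit_getvpn(SAMPLE_CONFIG, {"10.0.0.1", "10.0.0.2"}):
        print(finding)
```

An empty result means no GET VPN group stanza was found in the file; any entry in `unapproved` is a key-server address to verify against change records.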
The disclosure comes as Cisco detailed a set of five flaws in Catalyst SD-WAN Manager (versions 20.3 to 20.12) that could allow an attacker to access an affected instance or cause a denial-of-service (DoS) condition on an affected system:
- CVE-2023-20252 (CVSS score: 9.8) – Unauthorized Access Vulnerability
- CVE-2023-20253 (CVSS score: 8.4) – Unauthorized Configuration Rollback Vulnerability
- CVE-2023-20034 (CVSS score: 7.5) – Information Disclosure Vulnerability
- CVE-2023-20254 (CVSS score: 7.2) – Authorization Bypass Vulnerability
- CVE-2023-20262 (CVSS score: 5.3) – Denial-of-Service Vulnerability
Successful exploitation of the bugs could allow the threat actor to gain unauthorized access to the application as an arbitrary user, bypass authorization and roll back controller configurations, access the Elasticsearch database of an affected system, access another tenant managed by the same instance, and cause a crash.
Customers are advised to upgrade to a fixed software release to remediate the vulnerabilities.