Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts

    justmattgBy justmattgSeptember 29, 2023No Comments2 Mins Read

    [ad_1]

    Sep 29, 2023THNVulnerability / Network Security

    Vulnerability in IOS and IOS XE Software

    Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems.

    The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6.6. It impacts all versions of the software that have the GDOI or G-IKEv2 protocol enabled.

    The company said the shortcoming “could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.”

    It further noted that the issue is the result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature and it could be weaponized by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker.

    Cybersecurity

    The vulnerability is said to have been discovered following an internal investigation and source code audit initiated after an “attempted exploitation of the GET VPN feature.”

    The revelation comes as Cisco detailed a set of five flaws in Catalyst SD-WAN Manager (versions 20.3 to 20.12) that could allow an attacker to access an affected instance or cause a denial of service (DoS) condition on an affected system –

    • CVE-2023-20252 (CVSS score: 9.8) – Unauthorized Access Vulnerability
    • CVE-2023-20253 (CVSS score: 8.4) – Unauthorized Configuration Rollback Vulnerability
    • CVE-2023-20034 (CVSS score: 7.5) – Information Disclosure Vulnerability
    • CVE-2023-20254 (CVSS score: 7.2) – Authorization Bypass Vulnerability
    • CVE-2023-20262 (CVSS score: 5.3) – Denial-of-Service Vulnerability

    Successful exploitation of the bugs could allow the threat actor to gain unauthorized access to the application as an arbitrary user, bypass authorization and roll back controller configurations, access the Elasticsearch database of an affected system, access another tenant managed by the same instance, and cause a crash.

    Customers are recommended to upgrade to a fixed software release to remediate the vulnerabilities.

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleICAO TRIP Symposium underscores the vital role of technology and innovation in advancing traveler mobility
    Next Article QR Code 101: What the Threats Look Like
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑