CVE-2023-20109 Report - Details, Severity, & Advisories

Twinagate Team

Jan 25, 2024

CVE-2023-20109 is a medium-severity vulnerability affecting the Cisco Group Encrypted Transport VPN (GET VPN) feature in certain Cisco IOS Software and Cisco IOS XE Software versions. An attacker with administrative control could exploit this vulnerability to execute arbitrary code on affected devices or cause them to crash. The issue impacts the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature, potentially affecting a wide range of Cisco devices running the specified software versions.

How do I know if I'm affected?

To determine if you're affected by the vulnerability, you'll need to check if your Cisco device is running a vulnerable version of Cisco IOS or Cisco IOS XE software. The vulnerability impacts numerous specific versions, including Cisco IOS versions from 12.4(22)MD to 15.1(3)MRA4 and Cisco IOS XE versions from 3.3.0SG to 17.11.99SW. If your device is running one of these versions, it may be at risk.

What should I do if I'm affected?

If you're affected by the vulnerability, follow these steps. First, update your Cisco IOS or IOS XE software to a non-vulnerable version. Next, ensure the GET VPN feature is configured securely. Lastly, monitor your network for any suspicious activity. By taking these precautions, you can reduce the risk of exploitation and protect your devices.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

Yes, the CVE-2023-20109 vulnerability is in CISA's Known Exploited Vulnerabilities Catalog. The vulnerability is called Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability. It was added to the catalog on October 10, 2023, with a due date of October 31, 2023. The required action is to apply mitigations as per vendor instructions or discontinue the product's use if mitigations are unavailable.

Weakness enumeration

This vulnerability is classified as CWE-787, an out-of-bounds write.

For more details

CVE-2023-20109 is a significant vulnerability affecting Cisco devices, with potential consequences including arbitrary code execution and device crashes. To gain a deeper understanding of the vulnerability's description, severity, technical details, and affected software configurations, refer to the comprehensive report on the NVD page or the link below.
