Cisco has issued a warning regarding a new vulnerability, known as CVE-2023-20109 [1] [4] [5], that has been discovered in its IOS Software and IOS XE Software. This vulnerability affects the Group Encrypted Transport VPN (GET VPN) feature and is associated with the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols. Cisco has released software updates to address this vulnerability and recommends upgrading to a fixed software release.

Description

The vulnerability, with a CVSS score of 6.6 [1] [5], allows an authenticated, remote attacker who already has administrative control to execute arbitrary code on an affected system or cause the device to crash. It was discovered during an internal investigation and source code audit prompted by an attempted exploitation of the GET VPN feature [1] [5]. Cisco has observed exploitation attempts targeting this vulnerability [4], but the danger is not substantial unless the attacker already has full access to the target environment [6].

To prevent unauthorized access and potential breaches [2], organizations are advised to implement ongoing monitoring, patch management [2], access control [2] [3] [6], network segmentation [2], incident response plans [2], and security awareness measures [2]. In addition to the GET VPN flaw, Cisco has also released patches for multiple vulnerabilities in its products [4]. One of these vulnerabilities [4], identified as CVE-2023-20252, is a critical-severity bug in the Catalyst SD-WAN Manager product that could allow unauthorized access. Cisco has addressed other high-severity issues in its products through software updates [4]. It is important to note that Cisco is not aware of any of these vulnerabilities being exploited in attacks [4].
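Because the advisory ties the bug to the GET VPN feature, the first triage step for a fleet of IOS and IOS XE devices is to find out which of them actually carry a GDOI or G-IKEv2 group configuration; everything else is patch scheduling. The script below is an added example, not Cisco's tooling or code from any of the cited articles. It assumes that the IOS CLI keywords `crypto gdoi group` (GDOI) and `crypto gkm group` (G-IKEv2) introduce a GET VPN group, that ` server local` marks a key server and ` server address ipv4` marks a group member, and it scans constructed `show running-config` excerpts rather than captures from real devices.

```python
"""Flag Cisco IOS / IOS XE running-configs that carry a GET VPN configuration.

Added illustration for the advisory above; not Cisco's tooling. Assumed CLI
keywords: ``crypto gdoi group`` (GDOI) and ``crypto gkm group`` (G-IKEv2).
Inputs are plain-text ``show running-config`` captures. The sample configs
below are constructed for this example, not taken from real devices.
"""
import re
from dataclasses import dataclass, field

# Group-definition line for each protocol family (assumed keywords).
GROUP_LINE = re.compile(r"^crypto (gdoi|gkm) group (\S+)\s*$")
# Inside a group block: a local key server, or the address of a remote one
# (which is what a group member points at).
KS_LOCAL = re.compile(r"^\s+server local\s*$")
KS_REMOTE = re.compile(r"^\s+server address ipv4 (\S+)\s*$")


@dataclass
class GetVpnGroup:
    protocol: str                 # "gdoi" (GDOI) or "gkm" (G-IKEv2)
    name: str
    role: str = "unknown"         # "key-server", "group-member" or "unknown"
    key_servers: list = field(default_factory=list)


def parse_getvpn_groups(running_config: str) -> list:
    """Return every GET VPN group block found in one running-config."""
    groups, current = [], None
    for line in running_config.splitlines():
        m = GROUP_LINE.match(line)
        if m:
            current = GetVpnGroup(protocol=m.group(1), name=m.group(2))
            groups.append(current)
            continue
        if current is None:
            continue
        # IOS ends an indented block with a non-indented line such as "!".
        if line.strip() and not line.startswith(" "):
            current = None
            continue
        if KS_LOCAL.match(line):
            current.role = "key-server"
        elif (m := KS_REMOTE.match(line)):
            current.role = "group-member"
            current.key_servers.append(m.group(1))
    return groups


def is_exposed(running_config: str) -> bool:
    """True when the device runs the affected feature at all."""
    return bool(parse_getvpn_groups(running_config))


def exposed_hosts(configs: dict) -> list:
    """Sorted hostnames (dict keys) whose config defines any GET VPN group."""
    return sorted(h for h, cfg in configs.items() if is_exposed(cfg))


# Constructed sample configs keyed by hostname (not real devices).
SAMPLE_CONFIGS = {
    "edge-gm-01": """\
hostname edge-gm-01
!
crypto gdoi group GETVPN-CORP
 identity number 1234
 server address ipv4 192.0.2.10
 server address ipv4 192.0.2.11
!
interface GigabitEthernet0/0/0
 ip address 198.51.100.2 255.255.255.0
!
""",
    "ks-01": """\
hostname ks-01
!
crypto gkm group GETVPN-V2
 identity number 5678
 server local
  rekey algorithm aes 256
  sa ipsec 1
   profile GETVPN-PROFILE
!
""",
    "branch-ipsec-only": """\
hostname branch-ipsec-only
!
crypto ikev2 proposal P1
 encryption aes-cbc-256
 integrity sha256
 group 19
!
crypto ipsec transform-set TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
""",
}

if __name__ == "__main__":
    for host, cfg in SAMPLE_CONFIGS.items():
        groups = parse_getvpn_groups(cfg)
        status = "GET VPN configured" if groups else "no GET VPN"
        print(f"{host}: {status}")
        for g in groups:
            ks = ", ".join(g.key_servers) or "-"
            print(f"  {g.protocol} group {g.name}: role={g.role}, key servers={ks}")
```

Point the parser at real `show running-config` output (one capture per device) and feed the resulting dict to `exposed_hosts` to get the prioritised upgrade list; a device with neither keyword is not running the affected feature and can be scheduled behind the key servers and group members. Plain IPsec and IKEv2 tunnels, as in the third sample, are deliberately not flagged, since they are not GET VPN.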

Conclusion

The discovery of this vulnerability highlights the importance of ongoing monitoring and patch management to prevent unauthorized access and potential breaches. Organizations should also implement access control, network segmentation [2], incident response plans [2], and security awareness measures to enhance their overall security posture. Cisco’s prompt release of software updates demonstrates their commitment to addressing vulnerabilities and ensuring the security of their products. It is crucial for users to upgrade to the fixed software release to mitigate the risk posed by these vulnerabilities.

References

[1] https://www.redpacketsecurity.com/cisco-warns-of-vulnerability-in-ios-and-ios-xe-software-after-exploitation-attempts/
[2] https://www.accesspointconsulting.com/briefing/zero-day-alert-cisco-ios
[3] https://securityonline.info/zero-day-alert-cve-2023-20109-cisco-get-vpn-out-of-bounds-write-vulnerability/
[4] https://www.threatshub.org/blog/cisco-warns-of-ios-software-zero-day-exploitation-attempts/
[5] https://thehackernews.com/2023/09/cisco-warns-of-vulnerability-in-ios-and.html
[6] https://www.darkreading.com/vulnerabilities-threats/new-cisco-ios-zero-day-delivers-a-double-punch