5 matches found
CVE-2023-20109
A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause...
Cisco IOS XE Software Group Encrypted Transport VPN Out of Bounds Write (cisco-sa-getvpn-rce-g8qR68sx)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Cisco Group Encrypted Transport VPN GET VPN feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control o...
Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
Cisco is warning of attempted exploitation of a security flaw in its IOS Software and IOS XE Software that could permit an authenticated remote attacker to achieve remote code execution on affected systems. The medium-severity vulnerability is tracked as CVE-2023-20109, and has a CVSS score of 6....
CVE-2023-20109
creationtimestamp| type| source ---|---|--- 2023-09-27 22:36:02+00:00| seen| https://t.me/cibsecurity/71138 2023-09-28 19:37:44+00:00| exploited| https://t.me/ctinow/139989 2023-09-29 05:10:10+00:00| seen| https://t.me/eaglecyberwashere/2643 2023-09-29 05:10:10+00:00| seen|...
CVE-2023-20109
CVE-2023-20109 affects Cisco IOS and IOS XE GET VPN. Root cause: insufficient validation of GDOI/G-IKEv2 attributes in GET VPN, enabling an authenticated admin on a group member or key server to execute arbitrary code or crash the device. Impact (as stated): full device control or reboot/DoS. Rem...