Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software

Cisco addressed tens of vulnerabilities in its IOS and IOS XE software, six of these issues have been rated ‘high severity’.

Cisco published the March 2023 Semiannual IOS and IOS XE Software Security Advisory that addresses several vulnerabilities in IOS and IOS XE software.

Below is the list of flaws addressed by the IT giant in this bundled publication:

Cisco Security AdvisoryCVE IDSecurity Impact RatingCVSS Base ScoreCisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service VulnerabilityCVE-2023-20080High8.6Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service VulnerabilityCVE-2023-20072High8.6Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service VulnerabilityCVE-2023-20027High8.6Cisco IOS XE SD-WAN Software Command Injection VulnerabilityCVE-2023-20035High7.8Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation VulnerabilityCVE-2023-20065High7.8Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service VulnerabilityCVE-2023-20067High7.4Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service VulnerabilityCVE-2023-20081Medium6.8Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service VulnerabilityCVE-2023-20100Medium6.8Cisco IOS XE Software Web UI Path Traversal VulnerabilityCVE-2023-20066Medium6.5Cisco IOS XE Software Privilege Escalation VulnerabilityCVE-2023-20029Medium4.4The most important severe vulnerabilities addressed by the company are:

CVE-2023-20080 (CVSS score 8.6) – Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability. An unauthenticated, remote attacker can trigger the flaw to cause DoS condition.

“This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly.” reads the advisory.

CVE-2023-20072 (CVSS score 8.6) – Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability. An unauthenticated, remote attacker can trigger the flaw to cause an affected system to reload, resulting in a denial of service (DoS) condition.

“This vulnerability is due to the improper handling of large fragmented tunnel protocol packets. One example of a tunnel protocol is Generic Routing Encapsulation (GRE). An attacker could exploit this vulnerability by sending crafted fragmented packets to an affected system.” reads the advisory. “A successful exploit could allow the attacker to cause the affected system to reload, resulting in a DoS condition.”

CVE-2023-20027 (CVSS score 8.6) – Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability. An unauthenticated, remote attacker can exploit this vulnerability to cause a denial of service (DoS) condition on a vulnerable device.

“This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device.” reads the advisory. “A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.”

Cisco also addressed an IOS XE SD-WAN software command injection vulnerability tracked as CVE-2023-20035 (CVSS Score 7.8) and an IOS XE Software IOx Application Hosting Environment privilege escalation vulnerability tracked as CVE-2023-20065 (CVSS Score 7.8).

The good news is that the company is not aware of attacks in the wild exploiting one of the flaws addressed with the release of semiannual IOS and IOS XE software security advisory bundle.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, IOS XE)
The post Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software appeared first on Security Affairs.