Cisco patches zero-day IOS software exploited in attacks

Cisco has released fixes for a vulnerability in the Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS and IOS XE software that has been exploited in attacks.

An authenticated, remote attacker with administrative control of either a group member or a key server could exploit this vulnerability to execute arbitrary code on, or disable, an affected device.

Cisco GET VPN is a set of features used to secure IP multicast group traffic or unicast traffic over a private WAN that originates on or flows through a Cisco IOS device.

GET VPN combines the Group Domain of Interpretation (GDOI) keying protocol with IPsec encryption to give users an efficient way to secure IP multicast or unicast communication.


Vulnerability details

The flaw, an out-of-bounds write tracked as CVE-2023-20109, has a CVSS base score of 6.6, which Cisco rates as "medium" severity.

“This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN function,” Cisco said in its advisory.

An attacker could exploit this vulnerability either by compromising an installed key server or by changing a group member's configuration to point to a key server under the attacker's control.

A successful exploit could allow the attacker to execute arbitrary code and take full control of the affected system, or to force the affected system to reload, causing a denial of service (DoS).

Affected products

A Cisco product is considered vulnerable if it has the GDOI or G-IKEv2 protocol enabled and is running a vulnerable release of Cisco IOS or IOS XE software.

Non-vulnerable products

  • IOS XR Software
  • Meraki Products
  • NX-OS Software

According to Cisco, this vulnerability can be exploited in only two ways:

  • The attacker compromises the existing key server and gains access to the GDOI or G-IKEv2 packets that the key server sends to the group member.
  • The attacker builds and installs their own key server and then reconfigures the group member to talk to the attacker-controlled key server.
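Both of the points above reduce to questions an administrator can answer from the running configuration: does this device have a GDOI or G-IKEv2 group at all (the "Affected products" condition), and does any group member point at a key server that is not one of ours (the second exploitation path)? The script below is an added example written for this article; it is not from the article, from Cisco's advisory, or from any Cisco tool. It assumes the documented GET VPN configuration forms (`crypto gdoi group <name>` for GDOI, `crypto gkm group <name>` for G-IKEv2, `server local` on a key server, `server address ipv4 <ip>` on a group member); the sample config and the allowlist of trusted key servers are constructed for the example. It checks configuration only; whether the running release is itself vulnerable must still be confirmed against Cisco's advisory.

```python
"""Audit Cisco IOS / IOS XE running-configs for GET VPN exposure.

Added example for this article; not part of the article, Cisco's advisory,
or any Cisco tool. Assumed (hypothetical) config forms follow the documented
GET VPN syntax: `crypto gdoi group <name>` (GDOI), `crypto gkm group <name>`
(G-IKEv2), `server local` marking a key server, and `server address ipv4 <ip>`
marking the key server(s) a group member talks to.
"""
import re
from dataclasses import dataclass, field


@dataclass
class GetVpnGroup:
    protocol: str                       # "GDOI" or "G-IKEv2"
    name: str
    key_server: bool = False            # True when the block has `server local`
    servers: list = field(default_factory=list)  # key servers a member points at


GROUP_RE = re.compile(r"^crypto (gdoi|gkm) group (\S+)$")
LOCAL_RE = re.compile(r"^\s+server local$")
SERVER_RE = re.compile(r"^\s+server address ipv4 (\S+)$")


def parse_getvpn(config: str) -> list:
    """Return every GDOI / G-IKEv2 group block found in the config text."""
    groups, current = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = GROUP_RE.match(line)
        if m:
            proto = "GDOI" if m.group(1) == "gdoi" else "G-IKEv2"
            current = GetVpnGroup(proto, m.group(2))
            groups.append(current)
            continue
        if current is None:
            continue
        if line and not line.startswith(" "):
            current = None              # a non-indented line ends the block
            continue
        if LOCAL_RE.match(line):
            current.key_server = True
        else:
            m = SERVER_RE.match(line)
            if m:
                current.servers.append(m.group(1))
    return groups


def audit(config: str, trusted_key_servers) -> dict:
    """Report whether GET VPN is enabled at all and which group members point
    at a key server outside the allowlist (the attacker-controlled-KS path)."""
    groups = parse_getvpn(config)
    findings = []
    for g in groups:
        role = "key server" if g.key_server else "group member"
        for ip in g.servers:
            if ip not in trusted_key_servers:
                findings.append(f"{g.protocol} group {g.name} ({role}) points at "
                                f"untrusted key server {ip}")
    return {"enabled": bool(groups), "groups": groups, "findings": findings}


# Constructed sample config (not from any real device). 10.0.0.1 and 10.0.0.2
# are the legitimate key servers; 192.0.2.99 plays an attacker-controlled one.
SAMPLE_CONFIG = """\
hostname EDGE-GM1
!
crypto gdoi group GETVPN-KS
 identity number 1234
 server local
  rekey algorithm aes 256
  rekey transport unicast
  address ipv4 10.0.0.1
!
crypto gdoi group GETVPN-GM
 identity number 1234
 server address ipv4 10.0.0.1
 server address ipv4 192.0.2.99
!
crypto gkm group GETVPN-IKEV2
 identity number 5678
 server address ipv4 10.0.0.2
!
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
"""

TRUSTED_KEY_SERVERS = {"10.0.0.1", "10.0.0.2"}   # constructed allowlist

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, TRUSTED_KEY_SERVERS)
    print("GET VPN enabled:", report["enabled"])
    for g in report["groups"]:
        role = "key server" if g.key_server else "group member"
        print(f"  {g.protocol:8} {g.name:14} {role:12} {g.servers}")
    for finding in report["findings"]:
        print("FINDING:", finding)
```

Run it over configs pulled from a config-management backup rather than live boxes, and diff the `servers` list against the previous backup as well as against the allowlist: a newly added `server address ipv4` on a group member is exactly the change the second exploitation path requires.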

Mitigation

As noted in the advisory, Cisco recommends that affected customers apply the software updates as soon as possible.

Cisco confirmed that there are no workarounds for this vulnerability.
