

Rewterz Threat Advisory – Cisco ASA, FTD, IOS and IOS XE Software Vulnerabilities
March 24, 2023
Severity
High
Analysis Summary
CVE-2023-20027 CVSS:8.6
Cisco IOS XE Software is vulnerable to a denial of service, caused by improper reassembly of large packets when Virtual Fragmentation Reassembly (VFR) is enabled. By sending specially crafted fragmented packets through a VFR-enabled interface, a remote attacker could exploit this vulnerability to cause the device to reload, resulting in a denial of service condition.
CVE-2023-20065 CVSS:7.8
Cisco IOS XE Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by insufficient restrictions on the hosted application. By logging in to and then escaping the Cisco IOx application container, an authenticated attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with root privileges.
CVE-2023-20035 CVSS:7.8
Cisco IOS XE SD-WAN Software could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper input validation by the system CLI. By sending a specially crafted input to the system CLI, an attacker could exploit this vulnerability to execute arbitrary commands on the underlying operating system with root-level privileges.
CVE-2023-20072 CVSS:8.6
Cisco IOS XE Software is vulnerable to a denial of service, caused by improper handling of large fragmented tunnel protocol packets. By sending specially crafted fragmented packets, a remote attacker could exploit this vulnerability to cause the system to reload, resulting in a denial of service condition.
CVE-2023-20080 CVSS:8.6
Cisco IOS and IOS XE Software are vulnerable to a denial of service, caused by improper validation of data boundaries. By sending specially crafted DHCPv6 messages, a remote attacker could exploit this vulnerability to cause the device to reload unexpectedly, resulting in a denial of service condition.
CVE-2023-20067 CVSS:7.4
Cisco IOS XE Software is vulnerable to a denial of service, caused by improper input validation of received traffic. By sending specially crafted traffic through a wireless access point, a remote attacker could exploit this vulnerability to cause CPU utilization to increase, resulting in a denial of service condition.
CVE-2023-20082 CVSS:6.1
Cisco IOS XE Software could allow a remote attacker to execute arbitrary code on the system, caused by a flaw when retrieving the public release key for image signature verification. By modifying specific variables in the Serial Peripheral Interface (SPI) flash memory, an attacker could exploit this vulnerability to execute persistent code on the underlying operating system.
CVE-2023-20066 CVSS:6.5
Cisco IOS XE Software could allow a remote authenticated attacker to traverse directories on the system, caused by improper security configuration. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
CVE-2023-20029 CVSS:4.4
Cisco IOS XE Software could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper memory protection in the Meraki onboarding feature. By modifying the Meraki registration parameters, an authenticated attacker could exploit this vulnerability to elevate privileges to root.
Impact
- Denial of Service
- Privilege Escalation
- Code Execution
- Information Theft
Indicators Of Compromise
CVE
- CVE-2023-20027
- CVE-2023-20065
- CVE-2023-20035
- CVE-2023-20072
- CVE-2023-20080
- CVE-2023-20067
- CVE-2023-20082
- CVE-2023-20066
- CVE-2023-20029
Affected Vendors
Cisco
Affected Products
- Cisco IOS XE Software
- Cisco Cloud Services Router 1000V Series
- Cisco 4000 Series Integrated Services Routers
- Cisco Catalyst 8200 Series Edge Platforms
- Cisco Cloud Services Router (CSR) 1000V Series
- Cisco 1000 Series Integrated Services Routers (ISRs)
- Cisco 4000 Series ISRs
- Cisco ASR 1000 Series Aggregation Services Routers
- Cisco Catalyst 8000 Edge Platforms Family
- Cisco Catalyst 9800 Series Wireless Controllers
- Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9300 Series Switches
- Cisco Catalyst 9800 Embedded Wireless Controller for Catalyst 9400 Series Switches
- Cisco IOS Software
- Cisco Catalyst 9300 Series Switches
- Cisco Catalyst 9200 Series Switches
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.