
Severity
Medium
Analysis Summary
CVE-2023-20107 CVSS:5.3
Cisco ASA and FTD Software could allow a remote attacker to bypass security restrictions because of insufficient entropy in the deterministic random bit generator (DRBG) used when generating cryptographic keys. By generating a large number of cryptographic keys, an attacker could exploit this vulnerability to impersonate an affected target device or to decrypt secured traffic.
CVE-2023-20081 CVSS:6.8
Cisco ASA, FTD, IOS and IOS XE Software are vulnerable to denial of service because of improper validation of DHCPv6 messages. By sending specially crafted DHCPv6 messages, a remote attacker could exploit this vulnerability to cause the device to reload, resulting in a denial-of-service condition.
Impact
- Security Bypass
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-20107
- CVE-2023-20081
Affected Vendors
Cisco
Affected Products
- Cisco IOS Software
- Cisco IOS XE Software
- Cisco Adaptive Security Appliance Software
- Cisco ASA 5506-X Security Appliances
- Cisco ASA 5506H-X Security Appliances
- Cisco ASA 5506W-X Security Appliances
- Cisco ASA 5508-X Security Appliances
- Cisco ASA 5516-X Security Appliances
Remediation
Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.