
Rewterz Threat Advisory – Multiple Cisco IOS XR Software Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2023-20049 CVSS:8.6

Cisco IOS XR Software for ASR 9000 Series Routers is vulnerable to a denial of service caused by incorrect handling of malformed BFD packets. By sending a specially crafted IPv4 BFD packet, a remote attacker could exploit this vulnerability to cause line card exceptions or a hard reset, resulting in a denial of service condition.

CVE-2023-20064 CVSS:4.6

Cisco IOS XR Software could allow an attacker with physical access to obtain sensitive information, caused by the inclusion of unnecessary commands within the GRUB environment. By entering specially crafted commands at the GRUB bootloader command line, an attacker could exploit this vulnerability to view sensitive files on the console and use this information to launch further attacks against the affected system.

Impact

  • Denial of Service
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-20049
  • CVE-2023-20064

Affected Vendors

Cisco

Affected Products

  • Cisco ASR 9000 Series Aggregation Services Routers
  • Cisco ASR 9902 Compact High-Performance Routers
  • Cisco ASR 9903 Compact High-Performance Routers
  • Cisco IOS XRv 9000 Router
  • Cisco Network Convergence System (NCS) 540 Series Routers
  • Cisco Network Convergence System (NCS) 560 Series Routers
  • Cisco Network Convergence System (NCS) 5000 Series Routers
  • Cisco Network Convergence System (NCS) 5500 Series Routers
  • Cisco Network Convergence System (NCS) 6000 Series Routers
  • Cisco IOS XR White box

Remediation

Refer to the Cisco Security Advisories for each CVE below for patch, upgrade, or suggested workaround information.

CVE-2023-20049

CVE-2023-20064