- 203/2023
- High
Cisco has released security updates to fix multiple vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, read or overwrite files, or perform denial of service attacks on the affected products by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service (CVE-2023-20200):
- CVSS: 7.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Denial of Service
2. Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service (CVE-2023-20169):
- CVSS: 7.4
- Attack Vector: Adjacent Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2023-20168
- CVE-2023-20169
- CVE-2023-20200
- CVE-2023-20115
- CVE-2023-20234
- CVE-2023-20230
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.