- 65/2023
- High
Cisco has released security updates to address vulnerabilities affecting multiple products.
addressed vulnerabilities could allow the attacker to obtain sensitive information, or cause a denial of service attack on the affected products by sending
a crafted IPv4 BFD packet to make line card exceptions or hard reset.
Sample of the addressed vulnerabilities:
Cisco IOS XR Software for ASR 9000 Series Routers Denial of Service Vulnerability (CVE-2023-20049):
• CVSS: 8.6
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Denial of Service
Affected Products:
• ASR Compact High-Performance Routers Series (9000,9902,9903).
• IOS XR White box (IOSXRWBD) (CSCwd79460).
• IOS XRv 9000 Routers (CSCwd79460).
• Network Convergence System (NCS) 540 Series Routers (CSCvz42457).
• NCS Routers Series (560,1001,1002,1004,5000,5500,5700,6000).
Vulnerabilities
- CVE-2023-20049
- CVE-2023-20064
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.