- 227/2023
- Medium
Cisco has released security updates to fix multiple vulnerabilities in Cisco IOS XR Software.
The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, perform denial of service attacks, or bypass security restrictions on the affected products.
Sample of the addressed vulnerabilities:
1. Cisco IOS XR Code Execution Vulnerability (CVE-2023-20236):
- CVSS: 6.7
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. Cisco IOS XR Software Security Bypass Vulnerability (CVE-2023-20190):
- CVSS: 5.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Vulnerabilities
- CVE-2023-20190
- CVE-2023-20191
- CVE-2023-20233
- CVE-2023-20236
- CVE-2023-20135
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.