
- 75/2023
- High
Cisco has released security updates to address vulnerabilities affecting multiple products.
The addressed vulnerabilities could allow a remote attacker to execute arbitrary commands, gain access, bypass security restrictions, gain privileges, obtain information, or cause a denial of service on the affected systems.
Sample of the addressed vulnerabilities:
1. Cisco IOS XE Software Denial of Service (CVE-2023-20027):
• CVSS: 8.6
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Consequences: Denial of Service
2. Cisco DNA Center Privilege Escalation (CVE-2023-20055):
• CVSS: 8
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: Required
• Consequences: Gain Privileges
Sample of the affected products:
• Cisco IOS XE Software.
• Catalyst 8000 Edge Platforms Family.
• Cisco 4000 Series Integrated Services Routers.
• Cisco Catalyst 8200 Series Edge Platforms.
• Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches.
• Cisco DNA Center.
• Business 150 APs and 151 Mesh Extenders.
• Catalyst 9100 APs.
• ASA 5506/H/W-X Security Appliances.
Vulnerabilities
• CVE-2023-20027
• CVE-2023-20065
• CVE-2023-20035
• CVE-2023-20072
• CVE-2023-20080
• CVE-2023-20067
• CVE-2023-20055
• CVE-2023-20082
• CVE-2023-20112
• CVE-2023-20066
• CVE-2023-20113
• CVE-2023-20029
• CVE-2023-20059
• CVE-2023-20100
• CVE-2023-20081
• CVE-2023-20107
• CVE-2023-20056
• CVE-2023-20097
Mitigations
The enterprise should deploy these security updates as soon as the testing phase is completed.