CVE-2023-20109
CVE-2023-20109
In short
A flaw in Cisco's GET VPN feature allows an authenticated attacker who controls a VPN key server or group member to run malicious code or crash the device. The vulnerability exists because the system doesn't properly validate certain protocol messages, making it dangerous if someone with admin access turns malicious.
Technical detail
CWE-787 (out-of-bounds write) in GDOI and G-IKEv2 protocol handling within Cisco GET VPN allows authenticated remote attackers with administrative privileges on key servers or group members to inject malformed attributes that bypass validation, enabling arbitrary code execution or device denial of service. Pre-condition: attacker must compromise or control a key server, or reconfigure a group member to point to attacker-controlled infrastructure.
Summary generated and translated by AI from the official description.
A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.
This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details ["#details"] section of this advisory.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H