Cisco Warns Of IOS Software Zero-Day Exploitation Attempts

Cisco this week announced patches for multiple vulnerabilities impacting its products, including a medium-severity flaw in IOS and IOS XE software that appears to have been exploited in attacks.

Tracked as CVE-2023-20109, the bug impacts the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE and can lead to remote code execution. Successful exploitation of the flaw requires that the attacker has valid credentials and administrative control over a group member or a key server.

“This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker,” Cisco notes in its advisory.

All Cisco products running a vulnerable IOS or IOS XE release with the GDOI or G-IKEv2 protocol enabled are impacted by this issue. There are no workarounds available for this bug and Cisco recommends that all customers update to a patched IOS or IOS XE release.

The tech giant also notes that it has observed exploitation attempts targeting this vulnerability.

“Cisco discovered attempted exploitation of the GET VPN feature and conducted a technical code review of the feature. This vulnerability was discovered during our internal investigation,” the company notes.

This week, Cisco also released patches for multiple flaws in the Catalyst SD-WAN Manager product, including a critical-severity bug (CVE-2023-20252, CVSS score of 9.8) in the SAML APIs that could allow an unauthenticated attacker to gain unauthorized access to the application as an arbitrary user.

Advertisement. Scroll to continue reading.

The vulnerability was resolved along with four high-severity bugs that could be exploited to bypass authorization and roll back controller configurations, access a system’s Elasticsearch database, access another tenant managed on the same instance, or cause a denial-of-service (DoS) condition.

Multiple other high-severity issues leading to code execution, DoS, data access and tampering, and file exfiltration were addressed with software updates for IOS, IOS XE, and Cisco DNA Center. The tech giant also patched several other medium-severity issues impacting its products.

Cisco says that, aside from CVE-2023-20109, it is not aware of any of these vulnerabilities being exploited in attacks. Additional information can be found on Cisco’s security advisories page.

Related: Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

Related: Cisco Patches Critical Vulnerability in BroadWorks Platform

Related: Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks

READ MORE HERE