Cisco IOS XE Software Group Encrypted Transport VPN Out of Bounds Write (cisco-sa-getvpn-rce-g8qR68sx)

medium Nessus Plugin ID 183214

Synopsis

The remote device is missing a vendor-supplied security patch

Description

According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability.

- A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details [#details] section of this advisory. (CVE-2023-20109)

Please see the included Cisco BIDs and Cisco Security Advisory for more information.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCwe14195, CSCwe24118, CSCwf49531

See Also

http://www.nessus.org/u?cf42c207

http://www.nessus.org/u?f3520ae2

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe14195

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwe24118

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwf49531

Plugin Details

Severity: Medium

ID: 183214

File Name: cisco-sa-getvpn-rce-g8qR68sx-iosxe.nasl

Version: 1.2

Type: combined

Family: CISCO

Published: 10/17/2023

Updated: 10/18/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2023-20109

CVSS v3

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 6.1

Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:cisco:ios_xe

Required KB Items: Host/Cisco/IOS-XE/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/27/2023

Vulnerability Publication Date: 9/27/2023

CISA Known Exploited Vulnerability Due Dates: 10/31/2023

Reference Information

CVE: CVE-2023-20109