Cisco Warns of Remote Code Execution Vulnerability in IOS and IOS XE Software
Cisco has issued a warning regarding a significant vulnerability affecting its IOS Software and IOS XE Software, which could allow an authenticated remote attacker to execute arbitrary code on compromised systems. This medium-severity security flaw, designated as CVE-2023-20109, carries a CVSS score of 6.6 and impacts all software versions with the Group Domain of Interpretation (GDOI) or G-IKEv2 protocol enabled.
The company indicated that the vulnerability could be exploited by an attacker who has administrative control of either a group member or a key server. Such control would provide them the capability to execute arbitrary code on affected devices, potentially leading to device crashes as well. The problem stems from inadequate validation of attributes within the GDOI and G-IKEv2 protocols associated with the GET VPN feature. Attackers might exploit this flaw by either taking over an installed key server or altering the configuration of a group member to redirect to a malicious key server under their control.
Discovery of this vulnerability followed an internal investigation and source code audit triggered by attempted exploitation of the GET VPN feature. The revelation coincides with Cisco’s disclosure of five additional vulnerabilities in its Catalyst SD-WAN Manager, supposedly affecting versions 20.3 to 20.12. These vulnerabilities present a range of risks, including unauthorized access, configuration rollback, and denial of service.
Mitigating the risk from these vulnerabilities is imperative. Cisco strongly recommends that customers upgrade to an appropriate software release that addresses these issues. As system vulnerabilities recur, proactive measures toward software updates and cybersecurity practices remain key to safeguarding against potential exploits.
In considering the MITRE ATT&CK framework, this situation illustrates how initial access tactics could be leveraged by potential attackers, facilitating unauthorized control over systems. Such tactics often involve exploiting vulnerabilities in protocols or misconfigurations. The persistence of these threats underscores the necessity for organizations to remain vigilant and proactive in their cybersecurity strategies.
As the landscape of cyber threats continues to evolve, ensuring timely updates and proper security measures remains a critical responsibility for all organizations, especially in protecting sensitive data and maintaining system integrity.
