Cisco warns about active exploitation of IOS XE

A security hole in Cisco's IOS and IOS XE software has been targeted for exploitation, and if an attack succeeds, it might allow a remote attacker with authorized credentials to execute code remotely on the affected systems.

With a CVSS score of 6.6, the medium-severity vulnerability is tracked as CVE-2023-20109. All software versions with the GDOI or G-IKEv2 protocol enabled are affected.

“An authenticated, remote attacker who has administrative control of either a group member or a key server could execute arbitrary code on an affected device or cause the device to crash,” the firm said, referring to the vulnerability.

It went on to say that the problem stems from inadequate attribute validation in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature, and that it can be weaponized by either breaking into an installed key server or altering a group member’s configuration to point to an attacker-controlled key server.
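A defender-side check for the exposure described above, as an added example that is not from Cisco or the original article: it scans a saved IOS/IOS XE running-config for GET VPN groups and flags group-member key-server addresses that are not on an approved list. The sample config, the approved address and the function name `audit_getvpn` are constructed for illustration, and the keywords it matches (`crypto gdoi group`, `crypto gkm group`, `server address`, `server local`) are assumed to follow standard IOS configuration syntax.

```python
import re

# Constructed sample running-config (documentation addresses, not a real device).
SAMPLE_CONFIG = """\
hostname branch-rtr-01
!
crypto gdoi group GETVPN-A
 identity number 1001
 server address ipv4 192.0.2.10
 server address ipv4 198.51.100.77
!
crypto gkm group GETVPN-B
 identity number 1002
 server local
  address ipv4 192.0.2.20
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
"""

# Assumption: GDOI groups appear as "crypto gdoi group", G-IKEv2 as "crypto gkm group".
GROUP_RE = re.compile(r"^crypto (gdoi|gkm) group (?:ipv6 )?(\S+)")
SERVER_RE = re.compile(r"^\s+server address ipv[46] (\S+)")
LOCAL_KS_RE = re.compile(r"^\s+server local\b")


def audit_getvpn(config_text, approved_key_servers):
    """Return one finding per GET VPN group found in an IOS/IOS XE config."""
    findings, current = [], None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = {"group": m.group(2), "keyword": m.group(1),
                       "is_key_server": False, "key_servers": [], "unapproved": []}
            findings.append(current)
        elif current is not None and line[:1] not in (" ", "\t"):
            current = None  # any non-indented line ends the group block
        elif current is not None:
            if LOCAL_KS_RE.match(line):
                current["is_key_server"] = True  # device acts as a key server
            s = SERVER_RE.match(line)
            if s:  # group member: key server this device registers with
                current["key_servers"].append(s.group(1))
                if s.group(1) not in approved_key_servers:
                    current["unapproved"].append(s.group(1))
    return findings
```

An empty result means no GDOI or G-IKEv2 group is configured in the file; any entry in `unapproved` is a key-server address to verify against change records.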

The vulnerability was reportedly found as a result of an “attempted exploitation of the GET VPN feature,” which prompted an internal investigation and source code audit.

