Cisco Products Multiple Vulnerabilities

Release Date: 29 Sep 2023 3698 Views

RISK: High Risk

High Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

Multiple vulnerabilities were identified in Cisco products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, remote code execution, security restriction bypass and sensitive information disclosure data manipulation on the targeted system.

 

Note:

For CVE-2023-20109, this vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. Cisco is aware that an exploit for CVE-2023-20109 exists in the wild.

Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass
  • Information Disclosure
  • Data Manipulation

System / Technologies affected

  • 1000 Series Integrated Services Routers (ISRs)
  • 1100 Integrated Services Routers
  • 4000 Series Integrated Services Routers
  • 4200 Series Integrated Services Routers
  • 4300 Series Integrated Services Routers
  • 6300 Series Embedded Services APs
  • Aironet 1540 Series APs
  • Aironet 1560 Series APs
  • Aironet 1800 Series APs
  • Aironet 2800 Series APs
  • Aironet 3800 Series APs
  • Aironet 4800 APs
  • Business 150 and 151 APs and Mesh Extenders
  • Catalyst 3650 Series Switches
  • Catalyst 3850 Series Switches
  • Catalyst 8000V Edge Software
  • Catalyst 8200 Series Edge Platforms
  • Catalyst 8300 Edge Platforms
  • Catalyst 8300 Series Edge Platforms
  • Catalyst 8500L Edge Platforms
  • Catalyst 9100 APs
  • Catalyst 9124 APs
  • Catalyst 9130 APs
  • Catalyst 9136 APs
  • Catalyst 9164 APs
  • Catalyst 9166 APs
  • Catalyst 9300 Series Switches
  • Catalyst 9400 Series Switches
  • Catalyst 9500 Series Switches
  • Catalyst 9800 Embedded Wireless Controller for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches
  • Catalyst 9800 Series Wireless Controllers
  • Catalyst 9800-CL Wireless Controllers for Cloud
  • Catalyst IR8300 Rugged Series Routers
  • Catalyst IW6300 Heavy Duty Series APs
  • Cisco ASA Software
  • Cisco Catalyst SD-WAN Manager
  • Cisco FTD Software
  • Cisco IOS Software
  • Cisco IOS XE Software
  • Cloud Services Routers 1000V Series
  • Embedded Wireless Controller on Catalyst 9100X Series Access Points
  • Embedded Wireless Controllers on Catalyst Access Points
  • ISR1100 Series Routers
  • Integrated APs on 1100 Integrated Services Routers (ISRs)
  • Integrated Services Virtual Routers
  • Mobility Express
  • VG400 Analog Voice Gateways
  • VG420 Analog Voice Gateways
  • VG450 Analog Voice Gateways
  • Virtual Wireless LAN Controller (vWLC)

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

Vulnerability Identifier

Source

Related Link

Related Tags

CiscoDenial of ServiceRemote Code ExecutionSecurity Restriction BypassInformation DisclosureData ManipulationExploit In The Wild

Share with

Previous

GitLab Multiple Vulnerabilities

29 Sep 2023 2819 Views

Next

Mozilla Products Remote Code Execution Vulnerability

3 Oct 2023 3374 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY