CVE-2023-20072

CVSS V2 None CVSS V3 None
Description
A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of large fragmented tunnel protocol packets. One example of a tunnel protocol is Generic Routing Encapsulation (GRE). An attacker could exploit this vulnerability by sending crafted fragmented packets to an affected system. A successful exploit could allow the attacker to cause the affected system to reload, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.
Overview
  • CVE ID
  • CVE-2023-20072
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-23T17:15:14
  • Last Modified Date
  • 2023-03-31T15:03:35
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cisco:ios_xe:17.9.1w:*:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2023-04-17 03:16:05 Added to TrackCVE
2023-04-17 03:16:07 Weakness Enumeration new
2023-04-17 04:54:10 CVSS V3 information new