CarderPlanet
Will Cisco allow hackers to take control of customers' routers?
Cisco warned its customers about the need to fix a zero-day vulnerability in the IOS (Internetwork Operating System) and IOS XE (Internetwork Operating System Extended Edition) software, which has already become the target of hacker attacks.
Vulnerability CVE-2023-20109 (CVSS: 6.6) was discovered by the Cisco Advanced Security Initiatives Group (ASIG). The problem occurs due to insufficient attribute validation in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN function.
Cisco IOS and IOS XE are operating systems developed by Cisco Systems for use on the company's network equipment, such as routers and switches. These operating systems are used to manage network functions and provide communication between different devices on the network.
To successfully exploit the vulnerability, potential attackers must have administrative control over the key server or a group member. In other words, the attackers must already have access to the environment, since all communication between the key server and the group members is encrypted and authenticated.
According to Cisco, an attacker can exploit the vulnerability by either compromising the installed key server or changing the configuration of a group member to point to a key server controlled by the attacker.
Successful exploitation would allow an attacker to execute arbitrary code and gain full control over the affected system, or cause a system reboot that would result in Denial of Service (DoS).
The zero-day affects all Cisco products running a vulnerable version of IOS or IOS XE with GDOI or G-IKEv2 enabled. Meraki products and those running IOS XR and NX-OS are not affected by the vulnerability.
In addition, Cisco detected attempts to exploit the GET VPN function and conducted a technical analysis of the function code. Cisco strongly recommends that its customers upgrade to a patched version of the software to address the vulnerability.
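The exposure conditions above (GDOI or G-IKEv2 enabled, and a group member pointed at a key server) can be checked from a saved running-config. The following is an added example, not code from Cisco or from the original post: it finds `crypto gdoi group` / `crypto gkm group` blocks and flags any `server address ipv4` entry outside an allowlist. The sample config, the addresses, and the allowlist are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of a group-member running-config (not from a real device).
SAMPLE_CONFIG = """\
hostname branch-gm-01
!
crypto gdoi group GETVPN-CORP
 identity number 1001
 server address ipv4 10.10.0.1
 server address ipv4 198.51.100.77
!
crypto gkm group GETVPN-V2
 identity number 2002
 server address ipv4 10.10.0.2
 client protocol gikev2
!
interface GigabitEthernet0/0
 ip address 192.0.2.10 255.255.255.0
"""

# Assumption: the key servers this organisation actually operates.
APPROVED_KEY_SERVERS = {"10.10.0.1", "10.10.0.2"}

GROUP_RE = re.compile(r"^crypto (gdoi|gkm) group (\S+)\s*$")
SERVER_RE = re.compile(r"^\s+server address ipv4 (\S+)")

def audit_getvpn(config_text, approved):
    """Return (groups, findings). groups maps group name -> key-server list;
    findings lists (group, address) pairs that are not approved."""
    approved = {ipaddress.ip_address(a) for a in approved}
    groups, findings, current = {}, [], None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = m.group(2)
            groups[current] = []
            continue
        if not line.startswith(" "):  # any unindented line closes the block
            current = None
            continue
        s = SERVER_RE.match(line)
        if current and s:
            addr = s.group(1)
            groups[current].append(addr)
            try:
                if ipaddress.ip_address(addr) not in approved:
                    findings.append((current, addr))
            except ValueError:  # unparsable address is reported as well
                findings.append((current, addr))
    return groups, findings
```

An empty `groups` result means neither protocol is configured in that file; any entry in `findings` is a key-server address to verify against change records.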
