OVERVIEW

A medium-severity flaw, tracked as CVE-2023-20109, was found in Cisco’s IOS and IOS XE software related to the Group Encrypted Transport VPN (GET VPN) feature. The vulnerability has been exploited in the wild and can lead to remote code execution when an attacker has valid credentials and administrative control over a group member or a key server.  

According to Cisco’s advisory, the vulnerability stems from insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols used by the GET VPN feature. An attacker must have administrative control of a key server or group member to exploit the vulnerability. If successful, the attacker could execute arbitrary code and gain full control of a system, or cause the system to reload, which would result in a denial-of-service condition.

CVE-2023-20109 impacts all Cisco products running a vulnerable version of IOS or IOS XE software with the GDOI or G-IKEv2 protocol enabled. The vulnerability does not impact IOS XR and NX-OS software. No workarounds are available for CVE-2023-20109; therefore, Avertium recommends that users update to a patched IOS or IOS XE software release as soon as possible.

AVERTIUM'S RECOMMENDATIONS

  • Cisco’s advisory states that CVE-2023-20109 affects Cisco products if they are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software and have the GDOI or G-IKEv2 protocol enabled. 
  • Cisco’s advisory also states that customers can determine their exposure to vulnerabilities in Cisco IOS and IOS XE Software by using Cisco’s Software Checker.
    • “This tool identifies any Cisco security advisories that impact a specific software release and the earliest release that fixes the vulnerabilities that are described in each advisory (“First Fixed”). If applicable, the tool also returns the earliest release that fixes all the vulnerabilities that are described in all the advisories that the Software Checker identifies (“Combined First Fixed”).” 
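The exposure condition above has two parts: a vulnerable software release (which Cisco’s Software Checker answers) and GET VPN being configured. The following script is an added example, written for this notice and not taken from Cisco or Avertium, that covers the second part by scanning a saved IOS / IOS XE running-config for GDOI and G-IKEv2 group definitions and reporting the device’s role. It assumes the configuration syntax `crypto gdoi group <name>` (GDOI) and `crypto gkm group <name>` (G-IKEv2), with `server local` marking a key server and `server address …` marking a group member; those keywords are not stated on this page. The sample configs are constructed for the example.

```python
"""
GET VPN exposure check for the CVE-2023-20109 condition: does this
IOS / IOS XE running-config enable GDOI or G-IKEv2?

Assumed (not from the advisory page): GDOI groups are declared with
'crypto gdoi group <name>', G-IKEv2 groups with 'crypto gkm group <name>';
inside a group, 'server local' marks a key server and 'server address ...'
marks a group member. Verify against your platform's documentation.
"""
import re
from dataclasses import dataclass, field

GROUP_RE = re.compile(r"^crypto (gdoi|gkm) group (\S+)\s*$")


@dataclass
class GetVpnGroup:
    protocol: str                      # "gdoi" or "gkm" (G-IKEv2)
    name: str
    role: str = "unknown"              # "key-server", "group-member", "unknown"
    lines: list[str] = field(default_factory=list)


def parse_getvpn_groups(config_text: str) -> list[GetVpnGroup]:
    """Walk the config line by line; indented lines belong to the open group."""
    groups: list[GetVpnGroup] = []
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        m = GROUP_RE.match(line)
        if m:
            current = GetVpnGroup(protocol=m.group(1), name=m.group(2))
            groups.append(current)
            continue
        if current is None:
            continue
        if line and not line.startswith(" "):
            # A non-indented line (e.g. '!' or the next top-level command)
            # closes the group block.
            current = None
            continue
        stripped = line.strip()
        if stripped:
            current.lines.append(stripped)
            if stripped == "server local":
                current.role = "key-server"
            elif stripped.startswith("server address"):
                current.role = "group-member"
    return groups


def assess_exposure(config_text: str) -> dict:
    """Summarise whether GET VPN is configured and in which role(s)."""
    groups = parse_getvpn_groups(config_text)
    return {
        "exposed": bool(groups),
        "gdoi_groups": [g.name for g in groups if g.protocol == "gdoi"],
        "gikev2_groups": [g.name for g in groups if g.protocol == "gkm"],
        "roles": {g.name: g.role for g in groups},
    }


# Constructed sample configs (not captured from a real device).
SAMPLE_EXPOSED = """\
hostname gm-branch-01
!
crypto gdoi group GETVPN-DATA
 identity number 1234
 server address ipv4 10.0.0.1
!
crypto gkm group GETVPN-V2
 identity number 5678
 server local
  rekey algorithm aes 256
!
interface GigabitEthernet0/0
 ip address 10.1.1.1 255.255.255.0
!
"""

SAMPLE_CLEAN = """\
hostname edge-02
!
crypto ikev2 proposal P1
 encryption aes-cbc-256
!
"""

if __name__ == "__main__":
    for label, cfg in (("exposed", SAMPLE_EXPOSED), ("clean", SAMPLE_CLEAN)):
        result = assess_exposure(cfg)
        print(label, "-> GET VPN configured:", result["exposed"])
        for name, role in result["roles"].items():
            print("   group", name, "role", role)
```

A device that reports no GDOI or G-IKEv2 groups is outside the affected configuration for this CVE regardless of version; a device that reports any group still needs its release checked with Cisco’s Software Checker and patched, since no workaround exists. Because exploitation requires administrative control of a key server or group member, the key-server role is the one to prioritise when reviewing who holds privileged access.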

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with CVE-2023-20109. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

HOW AVERTIUM IS PROTECTING OUR CUSTOMERS

Expanding endpoints, cloud computing environments, and accelerated digital transformation have eroded the perimeter, leaving an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:
  • Risk Assessments 
  • Pen Testing and Social Engineering  
  • Infrastructure Architecture and Integration  
  • Zero Trust Network Architecture 
  • Vulnerability Management 

SUPPORTING DOCUMENTATION

Cisco Warns of IOS Software Zero-Day Exploitation Attempts - SecurityWeek 

Cisco urges admins to fix IOS software zero-day exploited in attacks (bleepingcomputer.com) 

Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability 

NVD - CVE-2023-20109 (nist.gov) 
