CVE-2023-20033Allocation of Resources Without Limits or Throttling in Cisco IOS XE Software

CWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
8.6HIGHNVD
EPSS
0.2%
top 63.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 27

Description

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful ex

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software58 versions+57
NVDcisco/ios_xe58 versions+57

🔴Vulnerability Details

2
CVEList
CVE-2023-20033: A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to2023-09-27
GHSA
GHSA-2633-hpcr-wxff: A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to2023-09-27

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability2023-09-27
CVE-2023-20033 — Cisco IOS XE Software vulnerability | cvebase