CVE-2023-20051

CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
7.5HIGH
EPSS
0.5%
top 34.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Packet Data Network GatewayCisco Cisco ASR 5000 Series Software
Timeline
PublishedApr 5

Description

A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-7prw-fc99-vjm9: A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to sto2023-04-05
CVEList
Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability2023-04-05

📋Vendor Advisories

1
Cisco
Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability2023-04-05
CVE-2023-20051 (HIGH CVSS 7.5) | A vulnerability in the Vector Packe | cvebase.io