CVE-2023-20187Use of Out-of-range Pointer Offset in Cisco IOS XE Software

CWE-823Use of Out-of-range Pointer Offset4 documents4 sources
Severity
7.5HIGHNVD
CNA8.6
EPSS
0.4%
top 40.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedSep 27

Description

A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xe_software203 versions+202
NVDcisco/ios_xe201 versions+200

🔴Vulnerability Details

2
CVEList
CVE-2023-20187: A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Route2023-09-27
GHSA
GHSA-w9wf-g769-rjv3: A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Route2023-09-27

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability2023-09-27
CVE-2023-20187 — Use of Out-of-range Pointer Offset | cvebase