CVE-2023-20227 — Cisco IOS XE Software vulnerability

CWE-3884 documents4 sources

Severity

7.5HIGHNVD

CNA8.6

EPSS

0.4%

top 41.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE Software Cisco IOS XE

Timeline

PublishedSep 27

Description

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. No…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_ios_xe_software97 versions+96

▶NVDcisco/ios_xe96 versions+95

🔴Vulnerability Details

CVEList

CVE-2023-20227: A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a d↗2023-09-27

▶

GHSA

GHSA-2wv8-x4w3-cpw3: A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a d↗2023-09-27

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability↗2023-09-27

▶