CVE-2023-20233NULL Pointer Dereference in Cisco IOS XR

CWE-476NULL Pointer DereferenceCWE-354Improper Validation of Integrity Check Value4 documents4 sources
Severity
6.5MEDIUMNVD
CNA4.3
EPSS
0.1%
top 69.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XRCisco IOS XR Software
Timeline
PublishedSep 13

Description

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays info

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_ios_xr_software59 versions+58
NVDcisco/ios_xr7.67.6.3+4

🔴Vulnerability Details

2
CVEList
CVE-2023-20233: A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a2023-09-13
GHSA
GHSA-346q-rm44-2j2v: A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a2023-09-13

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability2023-09-13
CVE-2023-20233 — NULL Pointer Dereference in Cisco | cvebase