Cisco has issued a warning regarding attempts to exploit a security hole in its IOS and IOS XE software that might allow a remote, authenticated attacker to execute code on vulnerable devices.
The medium-severity vulnerability has a CVSS score of 6.6 and is tagged as CVE-2023-20109. All software versions with the GDOI or G-IKEv2 protocol enabled are affected.
The vulnerability, according to the manufacturer, “could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash.”
It further noted that the issue is the result of insufficient validation of attributes in the Group Domain of Interpretation (GDOI)