CVE-2023-20027 | ByteOS Network

Vulnerability Details :

CVE-2023-20027

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-23 Mar, 2023 | 00:00

Updated At-28 Oct, 2024 | 16:33

Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

EPSS History

Score

Latest Score

-

N/A

Percentile

Latest Percentile

-

N/A

▼Common Vulnerabilities and Exposures (CVE)

Assigner:cisco

Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633

Published At:23 Mar, 2023 | 00:00

Updated At:28 Oct, 2024 | 16:33

▼CVE Numbering Authority (CNA)

Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Affected Products

Vendor

Cisco Systems, Inc.

Product

Cisco IOS XE Software

Versions

Affected

n/a

Problem Types

Type	CWE ID	Description
CWE	CWE-416	CWE-416

Type: CWE

CWE ID: CWE-416

Description: CWE-416

Metrics

Version	Base score	Base severity	Vector
3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

References

Hyperlink	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb	vendor-advisory

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb

Resource:

vendor-advisory

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb	vendor-advisory x_transferred

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb

Resource:

vendor-advisory

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

Source:ykramarz@cisco.com

Published At:23 Mar, 2023 | 17:15

Updated At:07 Nov, 2023 | 04:05

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Secondary	3.1	8.6	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Type: Primary

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 8.6

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CPE Matches

Cisco Systems, Inc.

>>ios_xe>>3.9.0as

cpe:2.3:o:cisco:ios_xe:3.9.0as:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.9.1s

cpe:2.3:o:cisco:ios_xe:3.9.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.9.2s

cpe:2.3:o:cisco:ios_xe:3.9.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.0s

cpe:2.3:o:cisco:ios_xe:3.10.0s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.1s

cpe:2.3:o:cisco:ios_xe:3.10.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.2as

cpe:2.3:o:cisco:ios_xe:3.10.2as:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.2s

cpe:2.3:o:cisco:ios_xe:3.10.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.2ts

cpe:2.3:o:cisco:ios_xe:3.10.2ts:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.3s

cpe:2.3:o:cisco:ios_xe:3.10.3s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.4s

cpe:2.3:o:cisco:ios_xe:3.10.4s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.5s

cpe:2.3:o:cisco:ios_xe:3.10.5s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.6s

cpe:2.3:o:cisco:ios_xe:3.10.6s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.7s

cpe:2.3:o:cisco:ios_xe:3.10.7s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.8as

cpe:2.3:o:cisco:ios_xe:3.10.8as:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.8s

cpe:2.3:o:cisco:ios_xe:3.10.8s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.9s

cpe:2.3:o:cisco:ios_xe:3.10.9s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.10.10s

cpe:2.3:o:cisco:ios_xe:3.10.10s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.11.0s

cpe:2.3:o:cisco:ios_xe:3.11.0s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.11.1s

cpe:2.3:o:cisco:ios_xe:3.11.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.11.2s

cpe:2.3:o:cisco:ios_xe:3.11.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.11.3s

cpe:2.3:o:cisco:ios_xe:3.11.3s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.11.4s

cpe:2.3:o:cisco:ios_xe:3.11.4s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.12.0s

cpe:2.3:o:cisco:ios_xe:3.12.0s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.12.1s

cpe:2.3:o:cisco:ios_xe:3.12.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.12.2s

cpe:2.3:o:cisco:ios_xe:3.12.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.12.3s

cpe:2.3:o:cisco:ios_xe:3.12.3s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.12.4s

cpe:2.3:o:cisco:ios_xe:3.12.4s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.0s

cpe:2.3:o:cisco:ios_xe:3.13.0s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.1s

cpe:2.3:o:cisco:ios_xe:3.13.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.2s

cpe:2.3:o:cisco:ios_xe:3.13.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.3s

cpe:2.3:o:cisco:ios_xe:3.13.3s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.4s

cpe:2.3:o:cisco:ios_xe:3.13.4s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.5s

cpe:2.3:o:cisco:ios_xe:3.13.5s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.6as

cpe:2.3:o:cisco:ios_xe:3.13.6as:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.6s

cpe:2.3:o:cisco:ios_xe:3.13.6s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.7s

cpe:2.3:o:cisco:ios_xe:3.13.7s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.8s

cpe:2.3:o:cisco:ios_xe:3.13.8s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.9s

cpe:2.3:o:cisco:ios_xe:3.13.9s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.13.10s

cpe:2.3:o:cisco:ios_xe:3.13.10s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.14.0s

cpe:2.3:o:cisco:ios_xe:3.14.0s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.14.1s

cpe:2.3:o:cisco:ios_xe:3.14.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.14.2s

cpe:2.3:o:cisco:ios_xe:3.14.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.14.3s

cpe:2.3:o:cisco:ios_xe:3.14.3s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.14.4s

cpe:2.3:o:cisco:ios_xe:3.14.4s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.15.0s

cpe:2.3:o:cisco:ios_xe:3.15.0s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.15.1cs

cpe:2.3:o:cisco:ios_xe:3.15.1cs:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.15.1s

cpe:2.3:o:cisco:ios_xe:3.15.1s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.15.2s

cpe:2.3:o:cisco:ios_xe:3.15.2s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.15.3s

cpe:2.3:o:cisco:ios_xe:3.15.3s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios_xe>>3.15.4s

cpe:2.3:o:cisco:ios_xe:3.15.4s:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-416	Secondary	ykramarz@cisco.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-416

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb

Source: ykramarz@cisco.com

Resource:

Vendor Advisory