CVE-2023-20049

Published on: Not Yet Published

Last Modified on: 03/16/2023 03:23:00 PM UTC

CVE-2023-20049 - advisory for cisco-sa-bfd-XmRescbT

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Certain versions of Asr 9000v-v2 from Cisco contain the following vulnerability:

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.

  • CVE-2023-20049 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.
  • The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
  • Affected Vendor/Software: URL Logo Cisco - Cisco IOS XR Software version n/a

CVSS3 Score: 7.5 - HIGH

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK LOW NONE NONE
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED NONE NONE HIGH

CVE References

Description Tags Link
Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability sec.cloudapps.cisco.com
text/html
 URL Logo CISCO 20230308 Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Related QID Numbers

  • 317302 Cisco Internetwork Operating System (IOS) XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service (DoS) Vulnerability (cisco-sa-bfd-XmRescbT)

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Hardware Device InfoCiscoAsr 9000v-v2-AllAllAll
Hardware Device InfoCiscoAsr 9001-AllAllAll
Hardware Device InfoCiscoAsr 9006-AllAllAll
Hardware Device InfoCiscoAsr 9010-AllAllAll
Hardware Device InfoCiscoAsr 9901-AllAllAll
Hardware Device InfoCiscoAsr 9902-AllAllAll
Hardware Device InfoCiscoAsr 9903-AllAllAll
Hardware Device InfoCiscoAsr 9904-AllAllAll
Hardware Device InfoCiscoAsr 9906-AllAllAll
Hardware Device InfoCiscoAsr 9910-AllAllAll
Hardware Device InfoCiscoAsr 9912-AllAllAll
Hardware Device InfoCiscoAsr 9922-AllAllAll
Operating
System		CiscoIos XrAllAllAllAll
Operating
System		CiscoIos Xr7.7AllAllAll
  • cpe:2.3:h:cisco:asr_9000v-v2:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9001:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9006:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9010:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9901:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9902:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9903:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9904:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9906:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9910:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9912:-:*:*:*:*:*:*:*:
  • cpe:2.3:h:cisco:asr_9922:-:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xr:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:cisco:ios_xr:7.7:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Reddit Logo Icon /r/netcve CVE-2023-20049 2023-03-09 22:38:54
Reddit Logo Icon /r/AJsBotPlayground [HIGH] CVE Report on March 10, 2023 12:14 2023-03-10 12:14:47
Reddit Logo Icon /r/AJsBotPlayground [HIGH] CVE Report on March 10, 2023 11:59 2023-03-10 11:59:24
Reddit Logo Icon /r/THECYBERSECURITYHUB Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers 2023-03-12 09:21:02
Reddit Logo Icon /r/u/TheCyberSecurityHub Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers 2023-03-12 09:21:02
Reddit Logo Icon /r/InfoSecNews Cisco fixed CVE-2023-20049 DoS flaw affecting enterprise routers 2023-03-12 11:45:42
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report