Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-20233: Cisco Security Advisory: Cisco IOS XR Software Connectivity Fault Management Denial of Service Vulnerability

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.

CVE
Open in Source
#vulnerability#ios#mac#cisco#dos#auth

At the time of publication, this vulnerability affected Cisco products if they were running a vulnerable release of Cisco IOS-XR Software and had the CFM feature enabled. CFM is not enabled by default in Cisco IOS XR Software.

For information about which Cisco software releases were vulnerable at the time of publication, see the Fixed Software section of this advisory. See the Details section in the bug ID(s) at the top of this advisory for the most complete and current information.

Determine the Device Configuration

To exploit the vulnerability in CFM, the ethernet cfm command must be configured globally and an interface on the device must have the mep command.

To determine whether the CFM service is enabled, log in to the device and run the show running-config ethernet cfm command in the CLI. If the ethernet cfm command is present in the global configuration, the CFM service is enabled on the device.

The following example shows the output of the show running-config ethernet cfm command for a device that has the CFM service enabled:

RP/0/RSP0/CPU0:ios#show running-config ethernet cfm

ethernet cfm
domain TestDomain level 7 id string TestDomain
service TestService down-meps
continuity-check interval 1s
mep crosscheck
mep-id 702 mac-address 1070.fdf8.5555

To determine if the mep command is configured on any interface of the device, use the show running-config | begin mep domain command. The following example shows the output of the show running-config | begin mep domain command for a device that has the mep command configured on an interface:

RP/0/RSP0/CPU0:ios#show running-config | begin mep domain
mep domain TestDomain service TestService mep-id 701

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

  • IOS Software
  • IOS XE Software
  • NX-OS Software

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE