#VU81249 Error Handling in Cisco Systems, Inc products - CVE-2023-20227
Published: September 28, 2023
Vulnerability identifier: #VU81249
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-20227
CWE-ID: CWE-388
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IOS XE
Cisco 1000 Series Integrated Services Routers
1100 Series Integrated Services Routers
4000 Series Integrated Services Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Series Edge Platforms
Integrated Services Virtual Routers
VG400 Analog Voice Gateway
VG450 Analog Voice Gateway
VG420 Analog Voice Gateway
Cloud Services Routers 1000V Series
Cisco IOS XE
Cisco 1000 Series Integrated Services Routers
1100 Series Integrated Services Routers
4000 Series Integrated Services Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Series Edge Platforms
Integrated Services Virtual Routers
VG400 Analog Voice Gateway
VG450 Analog Voice Gateway
VG420 Analog Voice Gateway
Cloud Services Routers 1000V Series
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling in the Layer 2 Tunneling Protocol (L2TP) feature. A remote attacker can send specially crafted L2TP packets to the device and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.