Cisco has warned of a vulnerability in IOS and IOS XE that could be exploited. The vulnerability, which affects the Cisco Group Encrypted Transport VPN (GET VPN) feature, allows an authenticated attacker with administrative control to execute malicious code or crash the affected device. It has been assigned CVE-2023-20109, carries a CVSS score of 6.6, and is rated medium severity.
Cisco stated that:
“This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and the G-IKEv2 protocols of the GET VPN feature.”
The G-IKEv2 protocol is the mechanism by which Group Members (GMs) obtain keys and policies from a designated key server. Those keys and policies are then used to secure communication among the group members of a group. This model is designed to secure group communication between an enterprise's remote locations across its private WAN.
Cisco further explained that:
“An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by an attacker.”
If exploitation is successful, the attacker could execute arbitrary code and gain full control of the compromised device, or reboot it, resulting in a denial-of-service condition.
Cisco further disclosed that the vulnerability affects Cisco IOS and IOS XE software with the GDOI or G-IKEv2 protocol enabled. Administrators are advised to run the following command from the router CLI to determine whether a GDOI or G-IKEv2 group is configured on the device:
Router# show running-config | include crypto gdoi | gkm group
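Running that command on one router at a time does not scale, and it only tells you whether GET VPN is configured, not whether a group member has been redirected to an unexpected key server, which is the second exploitation path Cisco describes. The following Python script is an added example and not part of Cisco's advisory or this article: it parses saved `show running-config` output, lists every GDOI (`crypto gdoi group`) and G-IKEv2 (`crypto gkm group`) group, records whether the device acts as key server (`server local`) or group member (`server address ipv4 ...`), and flags any key server address that is not on an administrator-supplied allowlist. The sample configuration, group names and addresses are constructed for the example, and the assumption that key server addresses appear on `server address ipv4` lines within an indented group block is mine.

```python
import re
from typing import Dict, List, Set

# Constructed sample of `show running-config` output (not from a real device):
# two group-member configurations and one local key-server configuration.
SAMPLE_RUNNING_CONFIG = """\
hostname gm-branch-1
!
crypto gdoi group GETVPN-CORP
 identity number 1234
 server address ipv4 10.0.0.5
 client registration interface Loopback0
!
crypto gkm group GETVPN-IKEV2
 identity number 5678
 server address ipv4 198.51.100.77
!
crypto gdoi group GETVPN-LOCAL-KS
 identity number 9999
 server local
  rekey authentication mypubkey rsa ks-key
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
"""

# Assumed IOS syntax: a group header line followed by an indented block.
GROUP_RE = re.compile(r"^crypto (gdoi|gkm) group (\S+)\s*$")
SERVER_ADDR_RE = re.compile(r"^\s+server address ipv4 (\S+)")
SERVER_LOCAL_RE = re.compile(r"^\s+server local\b")


def parse_get_vpn_groups(running_config: str) -> List[Dict]:
    """Collect each GDOI / G-IKEv2 group from a running-config dump.

    Returns one dict per group: protocol keyword, group name, the role this
    device plays ('key-server' if 'server local' is present, otherwise
    'group-member'), and the key server addresses it registers with.
    """
    groups: List[Dict] = []
    current = None
    for line in running_config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = {"protocol": m.group(1), "name": m.group(2),
                       "role": "group-member", "key_servers": []}
            groups.append(current)
            continue
        if current is None:
            continue
        if not line.startswith(" "):      # an unindented line ends the group block
            current = None
            continue
        if SERVER_LOCAL_RE.match(line):
            current["role"] = "key-server"
        m = SERVER_ADDR_RE.match(line)
        if m:
            current["key_servers"].append(m.group(1))
    return groups


def audit_key_servers(running_config: str, trusted_key_servers: Set[str]) -> Dict:
    """Report whether the device is in scope for the advisory (any GDOI or
    G-IKEv2 group configured) and flag group members that register with a key
    server outside the trusted set."""
    groups = parse_get_vpn_groups(running_config)
    untrusted = [
        (g["name"], ks)
        for g in groups
        for ks in g["key_servers"]
        if ks not in trusted_key_servers
    ]
    return {
        "in_scope": bool(groups),
        "groups": groups,
        "untrusted_key_servers": untrusted,
    }


if __name__ == "__main__":
    # 10.0.0.5 is the only key server this (fictional) enterprise operates.
    report = audit_key_servers(SAMPLE_RUNNING_CONFIG, {"10.0.0.5"})
    print("GET VPN configured:", report["in_scope"])
    for g in report["groups"]:
        print(f"  {g['protocol']} group {g['name']}: {g['role']} {g['key_servers']}")
    for name, ks in report["untrusted_key_servers"]:
        print(f"  WARNING: group {name} registers with unrecognised key server {ks}")
```

In practice the config text would come from a configuration-backup repository or a per-device `show running-config` capture, and the trusted set from the inventory of key servers the enterprise actually operates; any address outside that set is worth investigating before patching, since a redirected group member is exactly the condition Cisco lists as an exploitation prerequisite.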
Further details about the vulnerability, its mitigation, and the discovery can be found in Cisco's security advisory.
Please let us know your thoughts in the comment section.