Multiple Vulnerabilities in Cisco IOS XR Software
Security advisories include one High severity vulnerability involving denial-of-service and one Medium severity vulnerability involving unauthorised information disclosure
Summary
Security advisories include one High severity vulnerability involving denial-of-service and one Medium severity vulnerability involving unauthorised information disclosure
Threat details
Introduction
Cisco has released security advisories concerning one High severity vulnerability and one Medium severity vulnerability for Cisco IOS XR. The High severity vulnerability, CVE-2023-20049, involves the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR and could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial-of-service (DoS) condition.
CVE-2023-20064 is a Medium severity vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software which could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line.
Remediation advice
Affected organisations are encouraged to review the following Cisco Security Advisories and apply the relevant updates.
Remediation steps
| Type | Step |
|---|---|
| Patch |
Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability | cisco-sa-bfd-XmRescbT https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bfd-XmRescbT |
| Patch |
Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability | cisco-sa-iosxr-load-infodisc-9rdOr5Fq https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-load-infodisc-9rdOr5Fq |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 10 March 2023 12:58 pm