Cisco Releases Security Updates for Multiple Products

Cisco has released security updates to address nine High and nine Medium severity vulnerabilities for Cisco IOS XE, Cisco IOS, Cisco DNA Center, and other products

Threat ID:: CC-4289
Threat Severity:: Information only
Published:: 24 March 2023 2:50 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Cisco has released security updates to address nine High and nine Medium severity vulnerabilities for Cisco IOS XE, Cisco IOS, Cisco DNA Center, and other products

Affected platforms

The following platforms are known to be affected:

Cisco IOS XE

1000 Series Integrated Services Routers
4000 Series Integrated Services Routers
Catalyst 8000 Edge Platforms Family
Catalyst 8000V Edge Software Routers
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Series Edge Platforms
Cloud Services Router 1000V Series
ASR 1000 Series Aggregation Services Routers
Catalyst 9800 Embedded Wireless Controllers for Catalyst 9300, 9400, and 9500 Series Switches
Catalyst 9800 Series Wireless Controllers
Catalyst 9800-CL Wireless Controllers for Cloud
Embedded Wireless Controllers on Catalyst Access Points
Catalyst 9200 Series Switches
Catalyst 9300 Series Switches

Cisco IOS

Cisco DNA Center

Cisco Access Points

Business 150 APs and 151 Mesh Extenders
Catalyst 9100 APs
6300 Series Embedded Services APs
Aironet 1540 Series APs
Aironet 1560 Series APs
Aironet 1800 Series APs
Aironet 2800 Series APs
Aironet 3800 Series APs
Aironet 4800 APs
Catalyst IW6300 Heavy Duty Series APs
Catalyst IW9165 Heavy Duty Series
Catalyst IW9165 Rugged Series
Catalyst IW9167 Heavy Duty Series
Integrated APs on 1100 Integrated Services Routers (ISRs)

Cisco SD-WAN

Cisco Adaptive Security Appliance (ASA) Software

Cisco FirePower Threat Defense (FTD)

Threat details

Introduction

Cisco has released security updates to address nine High and nine Medium impact vulnerabilities for Cisco IOS XE, Cisco IOS, Cisco DNA Center, and other products. The High severity advisories include vulnerabilities that, if exploited, could lead to arbitrary command execution, escalation of privileges, or denial-of-service. An already authenticated attacker could exploit some of these vulnerabilities to take control of a system.

Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisories for more information.

Remediation steps

Type	Step
Patch	Cisco IOS XE Software Virtual Fragmentation Reassembly Denial of Service Vulnerability \| cisco-sa-ipv4-vfr-dos-CXxtFacb https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb
Patch	Cisco IOS XE Software IOx Application Hosting Environment Privilege Escalation Vulnerability \| cisco-sa-iox-priv-escalate-Xg8zkyPk https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iox-priv-escalate-Xg8zkyPk
Patch	Cisco IOS XE SD-WAN Software Command Injection Vulnerability \| cisco-sa-ios-xe-sdwan-VQAhEjYw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw
Patch	Cisco IOS XE Software Fragmented Tunnel Protocol Packet Denial of Service Vulnerability \| cisco-sa-ios-gre-crash-p6nE5Sq5 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-gre-crash-p6nE5Sq5
Patch	Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial of Service Vulnerability \| cisco-sa-ios-dhcpv6-dos-44cMvdDK https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-dhcpv6-dos-44cMvdDK
Patch	Cisco IOS XE Software for Wireless LAN Controllers HTTP Client Profiling Denial of Service Vulnerability \| cisco-sa-ewlc-dos-wFujBHKw https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-dos-wFujBHKw
Patch	Cisco DNA Center Privilege Escalation Vulnerability \| cisco-sa-dnac-privesc-QFXe74RS https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-privesc-QFXe74RS
Patch	Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches Secure Boot Bypass Vulnerability \| cisco-sa-c9300-spi-ace-yejYgnNQ https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9300-spi-ace-yejYgnNQ
Patch	Cisco Access Point Software Association Request Denial of Service Vulnerability \| cisco-sa-ap-assoc-dos-D2SunWK2 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-assoc-dos-D2SunWK2
Patch	Cisco IOS XE Software Web UI Path Traversal Vulnerability \| cisco-sa-webui-pthtrv-es7GSb9V https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-pthtrv-es7GSb9V
Patch	Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability \| cisco-sa-vman-csrf-76RDbLEh https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-csrf-76RDbLEh
Patch	Cisco IOS XE Software Privilege Escalation Vulnerability \| cisco-sa-iosxe-priv-esc-sABD8hcU https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-sABD8hcU
Patch	Cisco DNA Center Information Disclosure Vulnerability \| cisco-sa-dnac-infodisc-pe7zAbdR https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnac-infodisc-pe7zAbdR
Patch	Cisco IOS XE Software for Wireless LAN Controllers CAPWAP Join Denial of Service Vulnerability \| cisco-sa-c9800-apjoin-dos-nXRHkt5 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-c9800-apjoin-dos-nXRHkt5
Patch	Cisco Adaptive Security Appliance Software, Firepower Threat Defense Software, IOS Software, and IOS XE Software IPv6 DHCP (DHCPv6) Client Denial of Service Vulnerability \| cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftdios-dhcpv6-cli-Zf3zTv
Patch	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Low-Entropy Keys Vulnerability \| cisco-sa-asa5500x-entropy-6v9bHVYP https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa5500x-entropy-6v9bHVYP
Patch	Cisco Access Point Software Denial of Service Vulnerability \| cisco-sa-ap-cli-dos-tc2EKEpu https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ap-cli-dos-tc2EKEpu
Patch	Cisco Access Point Software Command Injection Vulnerability \| cisco-sa-aironetap-cmdinj-6bjT4FL8 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8

CVE Vulnerabilities

Status Published

CVE-2023-20027

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Status Published

CVE-2023-20065

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges.

Status Published

CVE-2023-20035

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.

Status Published

CVE-2023-20072

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of large fragmented tunnel protocol packets. One example of a tunnel protocol is Generic Routing Encapsulation (GRE). An attacker could exploit this vulnerability by sending crafted fragmented packets to an affected system. A successful exploit could allow the attacker to cause the affected system to reload, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.

Status Published

CVE-2023-20080

A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly.

Status Published

CVE-2023-20067

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed.

Status Published

CVE-2023-20055

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials.

Status Published

CVE-2023-20082

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to errors that occur when retrieving the public release key that is used for image signature verification. An attacker could exploit this vulnerability by modifying specific variables in the Serial Peripheral Interface (SPI) flash memory of an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Note: In Cisco IOS XE Software releases 16.11.1 and later, the complexity of an attack using this vulnerability is high. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software on a device to a release that would lower the attack complexity.

Status Published

CVE-2023-20112

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition.

Last edited: 24 March 2023 2:50 pm