Cisco Warns of IOS Software Zero-Day Exploitation Attempts

Cisco has released patches for a vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks.

Cisco zero-day CVE-2023-20109 exploited

Cisco this week announced patches for multiple vulnerabilities impacting its products, including a medium-severity flaw in IOS and IOS XE software that appears to have been exploited in attacks.

Tracked as CVE-2023-20109, the bug impacts the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE and can lead to remote code execution. Successful exploitation of the flaw requires that the attacker has valid credentials and administrative control over a group member or a key server.

“This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker,” Cisco notes in its advisory.

All Cisco products running a vulnerable IOS or IOS XE release with the GDOI or G-IKEv2 protocol enabled are impacted by this issue. There are no workarounds for this bug, and Cisco recommends that all customers update to a patched IOS or IOS XE release.
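As an added illustration (not Cisco's tooling and not part of the article), the following defender-side check walks a group member's running-config: it reports whether any GDOI or G-IKEv2 group is configured, which places the device in scope for the patch, and flags any configured key server address that is not on an allow-list, the kind of configuration change the advisory describes. The config excerpt is constructed; the allow-list, the group-member `server address ipv4` syntax and the `crypto gkm group` form for G-IKEv2 are assumptions.

```python
import re
# Constructed IOS running-config excerpt (not from the article or any real device).
# GETVPN-PROD points the group member at the sanctioned key server 10.1.1.1;
# GETVPN-TEST has been changed to point at 192.0.2.50, which is not on the allow-list.
SAMPLE_CONFIG = """\
hostname gm-router-01
!
crypto gdoi group GETVPN-PROD
 identity number 1234
 server address ipv4 10.1.1.1
!
crypto gdoi group GETVPN-TEST
 identity number 5678
 server address ipv4 192.0.2.50
!
interface GigabitEthernet0/0
 ip address 10.0.0.2 255.255.255.0
"""

KNOWN_KEY_SERVERS = {"10.1.1.1"}   # assumed allow-list of key servers the organisation operates

# 'crypto gdoi group' configures GDOI; 'crypto gkm group' is assumed here to be the G-IKEv2 form.
GROUP_RE = re.compile(r"^crypto (gdoi|gkm) group (\S+)")
SERVER_RE = re.compile(r"^\s+server address ipv4 (\S+)")

def parse_get_vpn_groups(config):
    """Return {group_name: [key server addresses]} for every GDOI/G-IKEv2 group stanza."""
    groups, current = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(m.group(2), [])
        elif current is not None and (s := SERVER_RE.match(line)):
            current.append(s.group(1))
        elif not line.startswith(" "):      # '!' or another top-level command ends the stanza
            current = None
    return groups

def audit(config, known_key_servers):
    """Report whether GET VPN is enabled (device in scope for the fix) and any unexpected key server."""
    groups = parse_get_vpn_groups(config)
    unexpected = [(name, ks) for name, servers in groups.items()
                  for ks in servers if ks not in known_key_servers]
    return {"get_vpn_enabled": bool(groups),
            "groups": sorted(groups),
            "unexpected_key_servers": unexpected}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, KNOWN_KEY_SERVERS))
```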

The tech giant also notes that it has observed exploitation attempts targeting this vulnerability.

“Cisco discovered attempted exploitation of the GET VPN feature and conducted a technical code review of the feature. This vulnerability was discovered during our internal investigation,” the company notes.

This week, Cisco also released patches for multiple flaws in the Catalyst SD-WAN Manager product, including a critical-severity bug (CVE-2023-20252, CVSS score of 9.8) in the SAML APIs that could allow an unauthenticated attacker to gain unauthorized access to the application as an arbitrary user.

The vulnerability was resolved along with four high-severity bugs that could be exploited to bypass authorization and roll back controller configurations, access a system’s Elasticsearch database, access another tenant managed on the same instance, or cause a denial-of-service (DoS) condition.


Multiple other high-severity issues leading to code execution, DoS, data access and tampering, and file exfiltration were addressed with software updates for IOS, IOS XE, and Cisco DNA Center. The tech giant also patched several other medium-severity issues impacting its products.

Cisco says that, aside from CVE-2023-20109, it is not aware of any of these vulnerabilities being exploited in attacks. Additional information can be found on Cisco’s security advisories page.

Related: Cisco ASA Zero-Day Exploited in Akira Ransomware Attacks

Related: Cisco Patches Critical Vulnerability in BroadWorks Platform

Related: Cisco Patches Vulnerabilities Exposing Switches, Firewalls to DoS Attacks

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
