Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20027

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Published

2023-03-23T17:15:13.857

Last Modified

2024-11-21T07:40:23.213

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Secondary
CWE-416
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios_xe	3.9.0as	Yes
Operating System	cisco	ios_xe	3.9.1s	Yes
Operating System	cisco	ios_xe	3.9.2s	Yes
Operating System	cisco	ios_xe	3.10.0s	Yes
Operating System	cisco	ios_xe	3.10.1s	Yes
Operating System	cisco	ios_xe	3.10.2as	Yes
Operating System	cisco	ios_xe	3.10.2s	Yes
Operating System	cisco	ios_xe	3.10.2ts	Yes
Operating System	cisco	ios_xe	3.10.3s	Yes
Operating System	cisco	ios_xe	3.10.4s	Yes
Operating System	cisco	ios_xe	3.10.5s	Yes
Operating System	cisco	ios_xe	3.10.6s	Yes
Operating System	cisco	ios_xe	3.10.7s	Yes
Operating System	cisco	ios_xe	3.10.8as	Yes
Operating System	cisco	ios_xe	3.10.8s	Yes
Operating System	cisco	ios_xe	3.10.9s	Yes
Operating System	cisco	ios_xe	3.10.10s	Yes
Operating System	cisco	ios_xe	3.11.0s	Yes
Operating System	cisco	ios_xe	3.11.1s	Yes
Operating System	cisco	ios_xe	3.11.2s	Yes
Operating System	cisco	ios_xe	3.11.3s	Yes
Operating System	cisco	ios_xe	3.11.4s	Yes
Operating System	cisco	ios_xe	3.12.0s	Yes
Operating System	cisco	ios_xe	3.12.1s	Yes
Operating System	cisco	ios_xe	3.12.2s	Yes
Operating System	cisco	ios_xe	3.12.3s	Yes
Operating System	cisco	ios_xe	3.12.4s	Yes
Operating System	cisco	ios_xe	3.13.0s	Yes
Operating System	cisco	ios_xe	3.13.1s	Yes
Operating System	cisco	ios_xe	3.13.2s	Yes
Operating System	cisco	ios_xe	3.13.3s	Yes
Operating System	cisco	ios_xe	3.13.4s	Yes
Operating System	cisco	ios_xe	3.13.5s	Yes
Operating System	cisco	ios_xe	3.13.6as	Yes
Operating System	cisco	ios_xe	3.13.6s	Yes
Operating System	cisco	ios_xe	3.13.7s	Yes
Operating System	cisco	ios_xe	3.13.8s	Yes
Operating System	cisco	ios_xe	3.13.9s	Yes
Operating System	cisco	ios_xe	3.13.10s	Yes
Operating System	cisco	ios_xe	3.14.0s	Yes
Operating System	cisco	ios_xe	3.14.1s	Yes
Operating System	cisco	ios_xe	3.14.2s	Yes
Operating System	cisco	ios_xe	3.14.3s	Yes
Operating System	cisco	ios_xe	3.14.4s	Yes
Operating System	cisco	ios_xe	3.15.0s	Yes
Operating System	cisco	ios_xe	3.15.1cs	Yes
Operating System	cisco	ios_xe	3.15.1s	Yes
Operating System	cisco	ios_xe	3.15.2s	Yes
Operating System	cisco	ios_xe	3.15.3s	Yes
Operating System	cisco	ios_xe	3.15.4s	Yes
Operating System	cisco	ios_xe	3.16.0cs	Yes
Operating System	cisco	ios_xe	3.16.0s	Yes
Operating System	cisco	ios_xe	3.16.1as	Yes
Operating System	cisco	ios_xe	3.16.2s	Yes
Operating System	cisco	ios_xe	3.16.3s	Yes
Operating System	cisco	ios_xe	3.16.4as	Yes
Operating System	cisco	ios_xe	3.16.4bs	Yes
Operating System	cisco	ios_xe	3.16.4cs	Yes
Operating System	cisco	ios_xe	3.16.4ds	Yes
Operating System	cisco	ios_xe	3.16.4es	Yes
Operating System	cisco	ios_xe	3.16.4gs	Yes
Operating System	cisco	ios_xe	3.16.5as	Yes
Operating System	cisco	ios_xe	3.16.5bs	Yes
Operating System	cisco	ios_xe	3.16.5s	Yes
Operating System	cisco	ios_xe	3.16.6bs	Yes
Operating System	cisco	ios_xe	3.16.6s	Yes
Operating System	cisco	ios_xe	3.16.7as	Yes
Operating System	cisco	ios_xe	3.16.7bs	Yes
Operating System	cisco	ios_xe	3.16.7s	Yes
Operating System	cisco	ios_xe	3.16.8s	Yes
Operating System	cisco	ios_xe	3.16.9s	Yes
Operating System	cisco	ios_xe	3.16.10s	Yes
Operating System	cisco	ios_xe	3.17.0s	Yes
Operating System	cisco	ios_xe	3.17.1s	Yes
Operating System	cisco	ios_xe	3.17.2s	Yes
Operating System	cisco	ios_xe	3.17.3s	Yes
Operating System	cisco	ios_xe	3.17.4s	Yes
Operating System	cisco	ios_xe	3.18.0as	Yes
Operating System	cisco	ios_xe	3.18.2asp	Yes
Operating System	cisco	ios_xe	16.2.1	Yes
Operating System	cisco	ios_xe	16.2.2	Yes
Operating System	cisco	ios_xe	16.3.1	Yes
Operating System	cisco	ios_xe	16.3.1a	Yes
Operating System	cisco	ios_xe	16.3.2	Yes
Operating System	cisco	ios_xe	16.3.3	Yes
Operating System	cisco	ios_xe	16.3.4	Yes
Operating System	cisco	ios_xe	16.3.5	Yes
Operating System	cisco	ios_xe	16.3.6	Yes
Operating System	cisco	ios_xe	16.3.7	Yes
Operating System	cisco	ios_xe	16.3.8	Yes
Operating System	cisco	ios_xe	16.3.9	Yes
Operating System	cisco	ios_xe	16.3.10	Yes
Operating System	cisco	ios_xe	16.3.11	Yes
Operating System	cisco	ios_xe	16.4.1	Yes
Operating System	cisco	ios_xe	16.4.2	Yes
Operating System	cisco	ios_xe	16.4.3	Yes
Operating System	cisco	ios_xe	16.5.1	Yes
Operating System	cisco	ios_xe	16.5.1b	Yes
Operating System	cisco	ios_xe	16.5.2	Yes
Operating System	cisco	ios_xe	16.5.3	Yes
Operating System	cisco	ios_xe	16.6.1	Yes
Operating System	cisco	ios_xe	16.6.2	Yes
Operating System	cisco	ios_xe	16.6.3	Yes
Operating System	cisco	ios_xe	16.6.4	Yes
Operating System	cisco	ios_xe	16.6.4s	Yes
Operating System	cisco	ios_xe	16.6.5	Yes
Operating System	cisco	ios_xe	16.6.6	Yes
Operating System	cisco	ios_xe	16.6.7	Yes
Operating System	cisco	ios_xe	16.6.8	Yes
Operating System	cisco	ios_xe	16.6.9	Yes
Operating System	cisco	ios_xe	16.6.10	Yes
Operating System	cisco	ios_xe	16.7.1	Yes
Operating System	cisco	ios_xe	16.7.2	Yes
Operating System	cisco	ios_xe	16.7.3	Yes
Operating System	cisco	ios_xe	16.8.1	Yes
Operating System	cisco	ios_xe	16.8.1s	Yes
Operating System	cisco	ios_xe	16.8.2	Yes
Operating System	cisco	ios_xe	16.8.3	Yes
Operating System	cisco	ios_xe	16.9.1	Yes
Operating System	cisco	ios_xe	16.9.1s	Yes
Operating System	cisco	ios_xe	16.9.2	Yes
Operating System	cisco	ios_xe	16.9.2s	Yes
Operating System	cisco	ios_xe	16.9.3	Yes
Operating System	cisco	ios_xe	16.9.3s	Yes
Operating System	cisco	ios_xe	16.9.4	Yes
Operating System	cisco	ios_xe	16.9.5	Yes
Operating System	cisco	ios_xe	16.9.6	Yes
Operating System	cisco	ios_xe	16.9.7	Yes
Operating System	cisco	ios_xe	16.9.8	Yes
Operating System	cisco	ios_xe	16.9.8a	Yes
Operating System	cisco	ios_xe	16.9.8c	Yes
Operating System	cisco	ios_xe	16.10.1	Yes
Operating System	cisco	ios_xe	16.10.1a	Yes
Operating System	cisco	ios_xe	16.10.1b	Yes
Operating System	cisco	ios_xe	16.10.1e	Yes
Operating System	cisco	ios_xe	16.10.1s	Yes
Operating System	cisco	ios_xe	16.10.2	Yes
Operating System	cisco	ios_xe	16.10.3	Yes
Operating System	cisco	ios_xe	16.11.1	Yes
Operating System	cisco	ios_xe	16.11.1a	Yes
Operating System	cisco	ios_xe	16.11.1c	Yes
Operating System	cisco	ios_xe	16.11.1s	Yes
Operating System	cisco	ios_xe	16.11.2	Yes
Operating System	cisco	ios_xe	16.12.1	Yes
Operating System	cisco	ios_xe	16.12.1a	Yes
Operating System	cisco	ios_xe	16.12.1c	Yes
Operating System	cisco	ios_xe	16.12.1s	Yes
Operating System	cisco	ios_xe	16.12.2	Yes
Operating System	cisco	ios_xe	16.12.2s	Yes
Operating System	cisco	ios_xe	16.12.2t	Yes
Operating System	cisco	ios_xe	16.12.3	Yes
Operating System	cisco	ios_xe	16.12.3s	Yes
Operating System	cisco	ios_xe	16.12.4	Yes
Operating System	cisco	ios_xe	16.12.5	Yes
Operating System	cisco	ios_xe	16.12.6	Yes
Operating System	cisco	ios_xe	16.12.7	Yes
Operating System	cisco	ios_xe	16.12.8	Yes
Operating System	cisco	ios_xe	17.1.1	Yes
Operating System	cisco	ios_xe	17.1.1s	Yes
Operating System	cisco	ios_xe	17.1.1t	Yes
Operating System	cisco	ios_xe	17.1.2	Yes
Operating System	cisco	ios_xe	17.1.3	Yes
Operating System	cisco	ios_xe	17.2.1	Yes
Operating System	cisco	ios_xe	17.2.1r	Yes
Operating System	cisco	ios_xe	17.2.1v	Yes
Operating System	cisco	ios_xe	17.2.2	Yes
Operating System	cisco	ios_xe	17.2.3	Yes
Operating System	cisco	ios_xe	17.3.1	Yes
Operating System	cisco	ios_xe	17.3.1a	Yes
Operating System	cisco	ios_xe	17.3.2	Yes
Operating System	cisco	ios_xe	17.3.3	Yes
Operating System	cisco	ios_xe	17.3.4	Yes
Operating System	cisco	ios_xe	17.3.4a	Yes
Operating System	cisco	ios_xe	17.3.5	Yes
Operating System	cisco	ios_xe	17.4.1	Yes
Operating System	cisco	ios_xe	17.4.1a	Yes
Operating System	cisco	ios_xe	17.4.1b	Yes
Operating System	cisco	ios_xe	17.4.2	Yes
Operating System	cisco	ios_xe	17.5.1	Yes
Operating System	cisco	ios_xe	17.5.1a	Yes
Operating System	cisco	ios_xe	17.6.1	Yes
Operating System	cisco	ios_xe	17.6.1a	Yes
Operating System	cisco	ios_xe	17.6.2	Yes
Operating System	cisco	ios_xe	17.6.3	Yes
Operating System	cisco	ios_xe	17.6.3a	Yes
Operating System	cisco	ios_xe	17.7.1	Yes
Operating System	cisco	ios_xe	17.7.1a	Yes
Operating System	cisco	ios_xe	17.7.2	Yes
Operating System	cisco	ios_xe	17.8.1	Yes
Operating System	cisco	ios_xe	17.8.1a	Yes
Application	cisco	catalyst_8000v_edge	-	No
Application	cisco	cloud_services_router_1000v	-	No
Hardware	cisco	1000_integrated_services_router	-	No
Hardware	cisco	1100-4g\/6g_integrated_services_router	-	No
Hardware	cisco	1100-4g_integrated_services_router	-	No
Hardware	cisco	1100-4p_integrated_services_router	-	No
Hardware	cisco	1100-6g_integrated_services_router	-	No
Hardware	cisco	1100-8p_integrated_services_router	-	No
Hardware	cisco	1100_integrated_services_router	-	No
Hardware	cisco	1101-4p_integrated_services_router	-	No
Hardware	cisco	1101_integrated_services_router	-	No
Hardware	cisco	1109-2p_integrated_services_router	-	No
Hardware	cisco	1109-4p_integrated_services_router	-	No
Hardware	cisco	1109_integrated_services_router	-	No
Hardware	cisco	1111x-8p_integrated_services_router	-	No
Hardware	cisco	1111x_integrated_services_router	-	No
Hardware	cisco	111x_integrated_services_router	-	No
Hardware	cisco	1120_integrated_services_router	-	No
Hardware	cisco	1131_integrated_services_router	-	No
Hardware	cisco	1160_integrated_services_router	-	No
Hardware	cisco	4221_integrated_services_router	-	No
Hardware	cisco	4321_integrated_services_router	-	No
Hardware	cisco	4331_integrated_services_router	-	No
Hardware	cisco	4351_integrated_services_router	-	No
Hardware	cisco	4431_integrated_services_router	-	No
Hardware	cisco	4451-x_integrated_services_router	-	No
Hardware	cisco	4461_integrated_services_router	-	No
Hardware	cisco	c8200-1n-4t	-	No
Hardware	cisco	c8200l-1n-4t	-	No
Hardware	cisco	c8500l-8s4x	-	No
Hardware	cisco	catalyst_8300-1n1s-4t2x	-	No
Hardware	cisco	catalyst_8300-1n1s-6t	-	No
Hardware	cisco	catalyst_8300-2n2s-4t2x	-	No
Hardware	cisco	catalyst_8300-2n2s-6t	-	No

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv4-vfr-dos-CXxtFacb Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)