Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Network
0

CVE-2023-20027

Disclosure Date: March 22, 2023
CVE-2023-20027 CVSS v3 Base Score: 8.6
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
8.6 High
Impact Score:
4
Exploitability Score:
3.9
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
None
Integrity (I):
None
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Cisco IOS XE Software n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • cisco

Products

  • ios xe 16.10.1,
  • ios xe 16.10.1a,
  • ios xe 16.10.1b,
  • ios xe 16.10.1e,
  • ios xe 16.10.1s,
  • ios xe 16.10.2,
  • ios xe 16.10.3,
  • ios xe 16.11.1,
  • ios xe 16.11.1a,
  • ios xe 16.11.1c,
  • ios xe 16.11.1s,
  • ios xe 16.11.2,
  • ios xe 16.12.1,
  • ios xe 16.12.1a,
  • ios xe 16.12.1c,
  • ios xe 16.12.1s,
  • ios xe 16.12.2,
  • ios xe 16.12.2s,
  • ios xe 16.12.2t,
  • ios xe 16.12.3,
  • ios xe 16.12.3s,
  • ios xe 16.12.4,
  • ios xe 16.12.5,
  • ios xe 16.12.6,
  • ios xe 16.12.7,
  • ios xe 16.12.8,
  • ios xe 16.2.1,
  • ios xe 16.2.2,
  • ios xe 16.3.1,
  • ios xe 16.3.10,
  • ios xe 16.3.11,
  • ios xe 16.3.1a,
  • ios xe 16.3.2,
  • ios xe 16.3.3,
  • ios xe 16.3.4,
  • ios xe 16.3.5,
  • ios xe 16.3.6,
  • ios xe 16.3.7,
  • ios xe 16.3.8,
  • ios xe 16.3.9,
  • ios xe 16.4.1,
  • ios xe 16.4.2,
  • ios xe 16.4.3,
  • ios xe 16.5.1,
  • ios xe 16.5.1b,
  • ios xe 16.5.2,
  • ios xe 16.5.3,
  • ios xe 16.6.1,
  • ios xe 16.6.10,
  • ios xe 16.6.2,
  • ios xe 16.6.3,
  • ios xe 16.6.4,
  • ios xe 16.6.4s,
  • ios xe 16.6.5,
  • ios xe 16.6.6,
  • ios xe 16.6.7,
  • ios xe 16.6.8,
  • ios xe 16.6.9,
  • ios xe 16.7.1,
  • ios xe 16.7.2,
  • ios xe 16.7.3,
  • ios xe 16.8.1,
  • ios xe 16.8.1s,
  • ios xe 16.8.2,
  • ios xe 16.8.3,
  • ios xe 16.9.1,
  • ios xe 16.9.1s,
  • ios xe 16.9.2,
  • ios xe 16.9.2s,
  • ios xe 16.9.3,
  • ios xe 16.9.3s,
  • ios xe 16.9.4,
  • ios xe 16.9.5,
  • ios xe 16.9.6,
  • ios xe 16.9.7,
  • ios xe 16.9.8,
  • ios xe 16.9.8a,
  • ios xe 16.9.8c,
  • ios xe 17.1.1,
  • ios xe 17.1.1s,
  • ios xe 17.1.1t,
  • ios xe 17.1.2,
  • ios xe 17.1.3,
  • ios xe 17.2.1,
  • ios xe 17.2.1r,
  • ios xe 17.2.1v,
  • ios xe 17.2.2,
  • ios xe 17.2.3,
  • ios xe 17.3.1,
  • ios xe 17.3.1a,
  • ios xe 17.3.2,
  • ios xe 17.3.3,
  • ios xe 17.3.4,
  • ios xe 17.3.4a,
  • ios xe 17.3.5,
  • ios xe 17.4.1,
  • ios xe 17.4.1a,
  • ios xe 17.4.1b,
  • ios xe 17.4.2,
  • ios xe 17.5.1,
  • ios xe 17.5.1a,
  • ios xe 17.6.1,
  • ios xe 17.6.1a,
  • ios xe 17.6.2,
  • ios xe 17.6.3,
  • ios xe 17.6.3a,
  • ios xe 17.7.1,
  • ios xe 17.7.1a,
  • ios xe 17.7.2,
  • ios xe 17.8.1,
  • ios xe 17.8.1a,
  • ios xe 3.10.0s,
  • ios xe 3.10.10s,
  • ios xe 3.10.1s,
  • ios xe 3.10.2as,
  • ios xe 3.10.2s,
  • ios xe 3.10.2ts,
  • ios xe 3.10.3s,
  • ios xe 3.10.4s,
  • ios xe 3.10.5s,
  • ios xe 3.10.6s,
  • ios xe 3.10.7s,
  • ios xe 3.10.8as,
  • ios xe 3.10.8s,
  • ios xe 3.10.9s,
  • ios xe 3.11.0s,
  • ios xe 3.11.1s,
  • ios xe 3.11.2s,
  • ios xe 3.11.3s,
  • ios xe 3.11.4s,
  • ios xe 3.12.0s,
  • ios xe 3.12.1s,
  • ios xe 3.12.2s,
  • ios xe 3.12.3s,
  • ios xe 3.12.4s,
  • ios xe 3.13.0s,
  • ios xe 3.13.10s,
  • ios xe 3.13.1s,
  • ios xe 3.13.2s,
  • ios xe 3.13.3s,
  • ios xe 3.13.4s,
  • ios xe 3.13.5s,
  • ios xe 3.13.6as,
  • ios xe 3.13.6s,
  • ios xe 3.13.7s,
  • ios xe 3.13.8s,
  • ios xe 3.13.9s,
  • ios xe 3.14.0s,
  • ios xe 3.14.1s,
  • ios xe 3.14.2s,
  • ios xe 3.14.3s,
  • ios xe 3.14.4s,
  • ios xe 3.15.0s,
  • ios xe 3.15.1cs,
  • ios xe 3.15.1s,
  • ios xe 3.15.2s,
  • ios xe 3.15.3s,
  • ios xe 3.15.4s,
  • ios xe 3.16.0cs,
  • ios xe 3.16.0s,
  • ios xe 3.16.10s,
  • ios xe 3.16.1as,
  • ios xe 3.16.2s,
  • ios xe 3.16.3s,
  • ios xe 3.16.4as,
  • ios xe 3.16.4bs,
  • ios xe 3.16.4cs,
  • ios xe 3.16.4ds,
  • ios xe 3.16.4es,
  • ios xe 3.16.4gs,
  • ios xe 3.16.5as,
  • ios xe 3.16.5bs,
  • ios xe 3.16.5s,
  • ios xe 3.16.6bs,
  • ios xe 3.16.6s,
  • ios xe 3.16.7as,
  • ios xe 3.16.7bs,
  • ios xe 3.16.7s,
  • ios xe 3.16.8s,
  • ios xe 3.16.9s,
  • ios xe 3.17.0s,
  • ios xe 3.17.1s,
  • ios xe 3.17.2s,
  • ios xe 3.17.3s,
  • ios xe 3.17.4s,
  • ios xe 3.18.0as,
  • ios xe 3.18.2asp,
  • ios xe 3.9.0as,
  • ios xe 3.9.1s,
  • ios xe 3.9.2s

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis