PT-2023-2212 · Cisco · Cisco Packet Data Network Gateway

Publicado

2023-04-05

Atualizado

2023-04-11

CVE-2023-20051

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Cisco Packet Data Network Gateway (PGW) (affected versions not specified)

Description A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This issue is due to the VPP improperly handling a malformed packet. An attacker could exploit this by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-20

Identificadores relacionados

BDU:2023-01960

CVE-2023-20051

Produtos afetados

Cisco Packet Data Network Gateway

PT-2023-2212 · Cisco · Cisco Packet Data Network Gateway

CVE-2023-20051

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6