PT-2022-7010 · Cisco · Cisco IOS XE

Published: 2022-10-27 · Updated: 2024-01-25 · CVE-2023-20033

CVSS v3.1: 8.6 High

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches (affected versions not specified)

Description

The issue is related to improper resource management when processing traffic received on the management interface. It could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. An attacker could exploit this by sending a high rate of traffic to the management interface.

Recommendations

Cisco has released software updates that address this vulnerability. For Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the management interface to minimize the risk of exploitation. Avoid sending a high rate of traffic to the management interface until the issue is resolved. At the moment, there is no information about specific versions that contain a fix for this vulnerability. It is recommended to follow Cisco's security advisory for the September 2023 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication, which provides a complete list of advisories and links to them.

Fix

DoS

Weakness Enumeration

Improper Resource Release
Allocation of Resources Without Limits

Related Identifiers

BDU:2023-06411
CVE-2023-20033

Affected Products

Cisco IOS XE