CVE-2023-20049

Name of the Vulnerable Software and Affected Versions Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers (affected versions not specified)

Description A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This is due to the incorrect handling of malformed BFD packets received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this by sending a crafted IPv4 BFD packet to an affected device, potentially causing line card exceptions or a hard reset and resulting in loss of traffic over that line card while it reloads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the BFD hardware offload feature on line cards until a patch is available. Restrict access to the BFD protocol to minimize the risk of exploitation. Avoid using the BFD protocol in the affected API endpoint until the issue is resolved.