PT-2023-2212 · Cisco · Cisco Packet Data Network Gateway

Published

2023-04-05

Updated

2023-04-11

CVE-2023-20051

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Cisco Packet Data Network Gateway (PGW) (affected versions not specified)

Description A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This issue is due to the VPP improperly handling a malformed packet. An attacker could exploit this by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Resource Exhaustion

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-20

Related Identifiers

BDU:2023-01960

CVE-2023-20051

Affected Products

Cisco Packet Data Network Gateway

PT-2023-2212 · Cisco · Cisco Packet Data Network Gateway

CVE-2023-20051

Weakness Enumeration

Related Identifiers

Affected Products

References · 6