PT-2023-8662 · Cisco · Snort 2 Detection Engine

Sanmith Prakash

·

Published

2023-11-01

·

Updated

2024-01-25

·

CVE-2023-20083

CVSS v3.1

8.6

High

Vector AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software (affected versions not specified)
Description: The vulnerability stems from improper error checking when parsing fields within the ICMPv6 header. An unauthenticated, remote attacker can exploit it by sending a crafted ICMPv6 packet through an affected device, causing the CPU of the device to spike to 100 percent. This stops all traffic processing and results in a denial of service (DoS) condition. FTD management traffic is not affected by this issue.
Recommendations: Restarting the Snort 2 Detection Engine or the Cisco FTD device recovers from the DoS condition but does not remove the vulnerability. As a temporary workaround, consider restricting the ICMPv6 traffic that reaches the inspection engine until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
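The description above names the bug class (an unterminated loop caused by trusting a length field in the ICMPv6 header) without saying which field is involved, and this page does not reproduce Snort's code. The following is an added illustration, not Cisco's or Snort's implementation: it assumes, for the sake of the example, the classic case from RFC 4861 where a Neighbor Discovery option carries a length of zero, so an option-walking loop never advances. The vulnerable walker and the hardened walker are run side by side over two constructed packets. The iteration guard in the vulnerable version exists only so the demonstration returns a result instead of hanging; a real parser with this defect spins at 100 percent CPU.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Return codes shared by both parsers. */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LEN = -2, PARSE_STUCK = -3 };

/* Fixed part of an ICMPv6 Neighbor Advertisement (RFC 4861 section 4.4):
 * type(1) code(1) checksum(2) flags(4) target address(16) = 24 bytes,
 * followed by TLV options: type(1), length(1, in units of 8 octets), data. */
#define ND_NA_FIXED_LEN 24

/* Vulnerable pattern: the option length is used without validation.
 * A length of 0 leaves `off` unchanged, so the loop never terminates.
 * The `guard` counter is for demonstration only; it stands in for the
 * CPU spin so the function can return PARSE_STUCK instead of hanging. */
int nd_options_vulnerable(const uint8_t *pkt, size_t len, unsigned *count)
{
    size_t off = ND_NA_FIXED_LEN;
    unsigned guard = 0;
    *count = 0;
    while (off + 2 <= len) {
        size_t opt_len = (size_t)pkt[off + 1] * 8;
        if (++guard > 1000)            /* would spin forever without this */
            return PARSE_STUCK;
        (*count)++;
        off += opt_len;                /* opt_len == 0: no progress */
    }
    return PARSE_OK;
}

/* Hardened pattern: every length is checked before it is trusted.
 * RFC 4861 requires that an ND packet with a zero-length option be
 * silently discarded; this parser also refuses options that run past
 * the end of the packet. */
int nd_options_hardened(const uint8_t *pkt, size_t len, unsigned *count)
{
    size_t off = ND_NA_FIXED_LEN;
    *count = 0;
    if (len < ND_NA_FIXED_LEN)
        return PARSE_TRUNCATED;
    while (off < len) {
        if (len - off < 2)
            return PARSE_TRUNCATED;    /* option header does not fit */
        size_t opt_len = (size_t)pkt[off + 1] * 8;
        if (opt_len == 0)
            return PARSE_BAD_LEN;      /* the infinite-loop trigger */
        if (opt_len > len - off)
            return PARSE_TRUNCATED;    /* option runs past the packet */
        (*count)++;
        off += opt_len;                /* guaranteed to make progress */
    }
    return PARSE_OK;
}

/* Constructed sample (not a capture): NA for fe80::1 with one
 * Target Link-Layer Address option (type 2, length 1 = 8 octets).
 * The checksum bytes are placeholders; the parsers do not verify it. */
static const uint8_t na_good[] = {
    0x88, 0x00, 0x00, 0x00,                              /* type 136, code 0, checksum */
    0x60, 0x00, 0x00, 0x00,                              /* flags: S=1, O=1 */
    0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, /* target fe80::1 */
    0x02, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55       /* TLLA option, len 1 */
};

/* Constructed malformed sample: identical, but the option length is 0. */
static const uint8_t na_zero_len[] = {
    0x88, 0x00, 0x00, 0x00,
    0x60, 0x00, 0x00, 0x00,
    0xfe, 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
    0x02, 0x00, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55       /* TLLA option, len 0 */
};

/* Convenience wrappers that return only the parse result. */
int hardened_result(const uint8_t *pkt, size_t len)
{
    unsigned n;
    return nd_options_hardened(pkt, len, &n);
}

int vulnerable_result(const uint8_t *pkt, size_t len)
{
    unsigned n;
    return nd_options_vulnerable(pkt, len, &n);
}

int main(void)
{
    printf("vulnerable, well-formed : %d\n", vulnerable_result(na_good, sizeof na_good));
    printf("vulnerable, zero length : %d\n", vulnerable_result(na_zero_len, sizeof na_zero_len));
    printf("hardened,   well-formed : %d\n", hardened_result(na_good, sizeof na_good));
    printf("hardened,   zero length : %d\n", hardened_result(na_zero_len, sizeof na_zero_len));
    return 0;
}
```

The hardened walker makes the loop variable advance on every iteration or exit with an error, which is the property a reviewer should look for in any TLV or option parser: the check is on the length field itself, not only on whether the next header still fits in the buffer.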

Weakness Enumeration

Infinite Loop

Related Identifiers

BDU:2024-01407
CVE-2023-20083

Affected Products

Cisco FTD
Snort 2 Detection Engine