Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-20049
HistoryMar 09, 2023 - 10:15 p.m.

CVE-2023-20049

2023-03-0922:15:52
CWE-119
CWE-805
[email protected]
web.nvd.nist.gov
44
vulnerability
cisco
ios xr software
asr 9000
asr 9902
asr 9903
bfd
denial of service
dos
nvd

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

46.2%

JSON

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.

Affected configurations

NVD
Node
ciscoios_xrRange<7.5.3
OR
ciscoios_xrRange7.67.6.2
OR
ciscoios_xrMatch7.7
AND
ciscoasr_9000v-v2Match-
OR
ciscoasr_9001Match-
OR
ciscoasr_9006Match-
OR
ciscoasr_9010Match-
OR
ciscoasr_9901Match-
OR
ciscoasr_9902Match-
OR
ciscoasr_9903Match-
OR
ciscoasr_9904Match-
OR
ciscoasr_9906Match-
OR
ciscoasr_9910Match-
OR
ciscoasr_9912Match-
OR
ciscoasr_9922Match-

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IOS XR Software ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

Related

nessus 1
prion 1
cisco 1
nvd 1
cvelist 1
nessus
nessus
Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection DoS (cisco-sa-bfd-XmRescbT)
2023-03-31 00:00:00
prion
prion
Design/Logic Flaw
2023-03-09 22:15:00
cisco
cisco
Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability
2023-03-08 16:00:00
nvd
nvd
CVE-2023-20049
2023-03-09 22:15:52
cvelist
cvelist
CVE-2023-20049 Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability
2023-03-09 00:00:00

8.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

46.2%

JSON
Related for CVE-2023-20049
nessus1prion1cisco1nvd1cvelist1