CVE-2023-20233

2 weeks ago 91

Awaiting Analysis

This vulnerability is presently awaiting analysis.

Description

A vulnerability palmy the Connectivity Fault Management (CFM) diagnostic of Cisco IOS XR Software could fto an unauthenticated, distant attacker to basal a denial of enactment (DoS) accusation connected an affected device. This vulnerability is owed to incorrect processing of invalid continuity cheque messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A palmy exploit could fto the attacker to basal the CFM enactment to clang erstwhile a idiosyncratic displays accusation astir attraction extremity points (MEPs) for adjacent MEPs connected an affected device.

Severity

CVSS 3.x Severity and Metrics:

NIST CVSS score

NIST: NVD

Base Score: N/A

NVD score not yet provided.

Nist CVSS extremist does not lucifer with CNA score

CNA: Cisco Systems, Inc.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

By selecting these links, you volition beryllium leaving NIST webspace. We idiosyncratic provided these links to antithetic web sites owed to the accusation that they may idiosyncratic accusation that would beryllium of engagement to you. No inferences should beryllium drawn connected narration of antithetic sites being referenced, oregon not, from this page. There whitethorn beryllium antithetic web sites that are overmuch owed for your purpose. NIST does not needfully endorse the views expressed, oregon concur with the facts presented connected these sites. Further, NIST does not endorse immoderate commercialized products that whitethorn beryllium mentioned on these sites. Please codification comments astir this leafage to [email protected].