CVE-2023-20109

216.73.216.233

· Published 10/10/2023 02:00 · Modified 21/12/2025 07:45 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2023-20109

Essential information

Published: 10/10/2023 02:00
Modified: 21/12/2025 07:45
Author: Cybersecurity and Infrastructure Security Agency
Creator: Cybersecurity and Infrastructure Security Agency
CVSS: 6.6 MEDIUM (v3.1)
CISA KEV: Yes
CWE: —
CVSS vector: CVSS:3.1/AV:N/C:H/I:H/A:H

CVSS metrics

Description

Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.

NVD status

NVD: View on NVD