Vulnerability Description
A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Adaptive Security Appliance Software | 9.8.1 |
| Cisco | Firepower Threat Defense | 9.8.1 |
| Cisco | Ios | 17.8.1 |
| Cisco | Ios Xe | 17.8.1 |
| Cisco | 1100-4G Integrated Services Router | - |
| Cisco | 1100-4P Integrated Services Router | - |
| Cisco | 1100-6G Integrated Services Router | - |
| Cisco | 1100-8P Integrated Services Router | - |
| Cisco | 1101-4P Integrated Services Router | - |
| Cisco | 1101 Integrated Services Router | - |
| Cisco | 1109-2P Integrated Services Router | - |
| Cisco | 1109-4P Integrated Services Router | - |
| Cisco | 1109 Integrated Services Router | - |
| Cisco | 1111X-8P Integrated Services Router | - |
| Cisco | 1111X Integrated Services Router | - |
| Cisco | 111X Integrated Services Router | - |
| Cisco | 1120 Integrated Services Router | - |
| Cisco | 1131 Integrated Services Router | - |
| Cisco | 1160 Integrated Services Router | - |
| Cisco | 4000 Integrated Services Router | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
FAQ
What is CVE-2023-20081?
CVE-2023-20081 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Softwar...
How severe is CVE-2023-20081?
CVE-2023-20081 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20081?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Adaptive Security Appliance Software, Cisco Firepower Threat Defense, Cisco Ios, Cisco Ios Xe, Cisco 1100-4G Integrated Services Router.