Cisco warns of attempted exploitation of zero-day in VPN software

Jason Macuray
Cisco has discovered that hackers are attempting to exploit a vulnerability affecting one of its VPN products.


The tech giant published several advisories last week about vulnerabilities, but experts homed in on one affecting the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software.

The vulnerability, tracked as CVE-2023-20109, could allow an attacker to execute code on an affected device or force it to reload. It carries a CVSS severity score of 6.6 out of 10 and was announced Sept. 27.

“A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition,” the company said, adding that the vulnerability “can only be exploited in one of two ways” and “both ways would require previous infiltration of the environment.”

There are no workarounds for the vulnerability other than the patches provided, Cisco said.
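Since the only remediation is the patch, the practical first step for an operator is to find which devices actually have GET VPN configured, which of them act as key servers, and whether group members point at the key servers that are supposed to serve them. The following is an added example, not code from the article or from Cisco: it parses a constructed IOS/IOS XE running-config excerpt (the `crypto gdoi group` stanzas, where `server address ipv4` marks a group member and `server local` marks a key server) and flags any key server address that is not on an operator-supplied allowlist. The sample config, hostnames, group names and addresses are made up; the allowlist is a placeholder the operator fills from their own inventory. Which releases are affected is still a question for Cisco's advisory; this only scopes the fleet.

```python
import re
from dataclasses import dataclass, field

# Constructed sample of a running-config excerpt (not from any real device).
# It holds one GET VPN group member stanza and one key server stanza.
SAMPLE_CONFIG = """\
hostname branch-rtr-01
!
crypto gdoi group GETVPN-CORP
 identity number 1234
 server address ipv4 10.10.0.5
 server address ipv4 10.10.0.6
!
crypto gdoi group GETVPN-LAB
 identity number 99
 server local
  rekey retransmit 40 number 2
  sa ipsec 1
   profile GDOI-PROF
   match address ipv4 GETVPN-TRAFFIC
!
interface GigabitEthernet0/0/1
 ip address 192.0.2.1 255.255.255.0
!
"""

# Placeholder allowlist: the key server addresses the operator expects to see.
EXPECTED_KEY_SERVERS = {"10.10.0.5"}


@dataclass
class GdoiGroup:
    name: str
    role: str                                   # "key-server" or "group-member"
    key_servers: list = field(default_factory=list)


def parse_gdoi_groups(config: str) -> list:
    """Extract every 'crypto gdoi group' stanza with its role and key servers."""
    groups = []
    current = None
    for line in config.splitlines():
        m = re.match(r"^crypto gdoi group (\S+)\s*$", line)
        if m:
            current = GdoiGroup(name=m.group(1), role="group-member")
            groups.append(current)
            continue
        if current is None:
            continue
        if not line.startswith(" "):
            # A '!' or a new top-level command ends the stanza.
            current = None
            continue
        stripped = line.strip()
        if stripped == "server local":
            current.role = "key-server"
        else:
            m = re.match(r"^server address ipv4 (\S+)$", stripped)
            if m:
                current.key_servers.append(m.group(1))
    return groups


def is_getvpn_configured(config: str) -> bool:
    """True if the device has any GET VPN group configured at all."""
    return bool(parse_gdoi_groups(config))


def audit(config: str, expected_key_servers: set) -> dict:
    """Map each group name to a list of findings worth a human look."""
    findings = {}
    for g in parse_gdoi_groups(config):
        notes = []
        if g.role == "key-server":
            notes.append("device is a key server; patch first")
        elif not g.key_servers:
            notes.append("group member with no key server address")
        else:
            for ks in g.key_servers:
                if ks not in expected_key_servers:
                    notes.append(f"unexpected key server {ks}")
        findings[g.name] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit(SAMPLE_CONFIG, EXPECTED_KEY_SERVERS).items():
        print(name, notes or ["ok"])
```

Run this over configs pulled from a backup or automation system rather than by hand; a group member whose key server address changed outside of a change window is the kind of thing worth a ticket regardless of the CVE, because the key server is what hands out the group's keys and policy.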

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released its own warning urging companies to install the patches.

Several cybersecurity experts said that while the vulnerability was serious, an attacker would already need to be deep inside an organization's systems to exploit it, making it most likely to be used by intruders looking to escalate their privileges in an environment they have already compromised.

Tim Silverline, vice president of network automation company Gluware, argued that the danger is “not substantial” because if a bad actor has full access to a target environment, then the organization is already compromised and this is just one way attackers could move laterally.

Critical Start’s Callie Guenther compared it to someone having the keys to a house, where the person could either ransack the place or lock the doors and block anyone from entering.

“The issue here is that there’s a flaw in how the VPN feature, meant to secure communications, validates certain attributes. If an attacker can exploit this flaw, by tricking the system or having control over a specific server, they could potentially take complete control of the device or shut it down, causing disruptions,” Guenther said.

While the flaw is hard to exploit, Viakoo's John Gallagher noted that a successful exploit would hand the attacker full control of a router. This week, cybersecurity officials in the U.S. and Japan warned that Chinese government hackers were targeting routers made by Cisco and others in espionage attacks.

“Many organizations have poor physical security control (think of tailgating incidents) where a threat actor could gain physical access to the target environment,” Gallagher said. “Without question this vulnerability is serious and both actions to physically secure the target environment and remediate the vulnerability should be taken.”


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.
