October 2, 2023 | Cisco has identified and released patches for a vulnerability (CVE-2023-20109) affecting the Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software. The flaw has a CVSS severity score of 6.6 out of 10, and a successful exploit could allow an attacker to execute arbitrary code and gain full control of the affected system or cause it to reload, resulting in a denial of service (DoS) condition. While the vulnerability is serious, experts note that a successful exploit would require a hacker to be deeply embedded in an organization’s systems, making it likely that the bug would be used for privilege escalation in an already-compromised system.
Read full article
