On Sept. 27, Cisco released its latest semi-annual Security Advisory Bundled Publication. The publication detailed eight vulnerabilities affecting its IOS and IOS XE operating systems, among them CVE-2023-20109, an out-of-bounds write issue which earned a 6.6 "Medium" severity score. According to Cisco's security advisory, CVE-2023-20109 has already been the object of at least one attempted exploitation in the wild. The Flaw in Cisco's VPNCVE-2023-20109 affects Cisco's VPN feature, Group Encrypted Transport VPN (GET VPN). They can either compromise the key server and alter packets sent to group members, or they can build and install their own key server and reconfigure group members to communicate with it instead of the true key server.

Source: Punch September 29, 2023 16:55 UTC