Cisco VPN Clients Affected by DoS Vulnerability

CVE: CVE-2023-21547
CVSS (v3.1): 7.5
Source: CVE-2023-21547

Cisco VPN clients are affected by a denial of service vulnerability in the Internet Key Exchange (IKE) protocol. IKE is the protocol used to set up a secure VPN tunnel between the client and VPN server.

Attackers can cause a DoS by sending specially crafted IKE messages to the client, causing it to consume resources and hang. This would prevent legitimate users from connecting to the VPN.

The vulnerability has been assigned the identifier CVE-2023-21547 and has a CVSS score of 7.5, making it an important issue to patch.

If you use a Cisco VPN client to remotely access your work network, make sure to update to the latest version as soon as updates are available. Check with your IT department to ensure your client has the fix applied. Using an up-to-date version protects your connection from being disrupted by attackers exploiting this flaw.

It’s also a good idea to use multi-factor authentication with your VPN if possible, which makes it harder for attackers to gain access to the network even if they can cause an outage. Staying on top of software updates helps keep your VPN secure against known issues like this one.
