CVE-2023-20083

Summary

A vulnerability in Cisco Firepower Threat Defense (FTD) Software, specifically in the Snort 2 detection engine's ICMPv6 inspection, could allow an unauthenticated remote attacker to cause a denial of service (DoS) by driving CPU usage to 100%. The flaw stems from improper error checking when parsing ICMPv6 headers; exploitation requires sending a crafted ICMPv6 packet to an affected device.

IFF Assessment

FOE

This vulnerability allows an attacker to disrupt network traffic and cause denial of service, directly impacting the availability of security devices.

Severity

8.6 High

Defender Context

Defenders should prioritize patching or updating Cisco FTD devices to mitigate this vulnerability, as a successful exploit could lead to complete traffic processing failure. Unusual ICMPv6 traffic patterns may also indicate attempted exploitation, so monitoring for them is worthwhile.