What is CVE-2023-20051?

CVE-2023-20051 is a medium-severity vulnerability in Cisco Asr 5000 Series Software, classified under Uncontrolled Resource Consumption. CVSS score: 5.8/10. Published 2023-04-05.

How severe is CVE-2023-20051?

Medium severity. CVSS v3 base score is 5.8 out of 10.

Resource exhaustion in Cisco Asr 5000 Series Software

CVE-2023-20051

A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due t…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.005 (65.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L.

Affected products

Cisco Asr 5000 Series Software — versions n/a

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

20230405 Cisco Packet Data Network Gateway IPsec ICMP Denial of Service Vulnerability (vendor-advisory)

Frequently asked questions

What is CVE-2023-20051?: CVE-2023-20051 is a medium-severity vulnerability in Cisco Asr 5000 Series Software, classified under Uncontrolled Resource Consumption. CVSS score: 5.8/10. Published 2023-04-05.
How severe is CVE-2023-20051?: Medium severity. CVSS v3 base score is 5.8 out of 10.