How severe is CVE-2023-20027?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2023-20027?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2023-20027 - HIGH Severity | CVSS 8.6

Vulnerability Description

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

Related Vulnerabilities

CVE-2020-6554

HIGH

CVSS:8.6(High)

Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

CWE-4162020

CVE-2021-21138

HIGH

CVSS:8.6(High)

Use after free in DevTools in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform a sandbox escape via a crafted file.

CWE-4162021

CVE-2021-21202

HIGH

CVSS:8.6(High)

Use after free in extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chro...

CWE-4162021

CVE-2021-21207

HIGH

CVSS:8.6(High)

Use after free in IndexedDB in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrom...

CWE-4162021

CVE-2024-4771

HIGH

CVSS:8.6(High)

A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulne...

CWE-4162024

CVE-2025-0151

HIGH

CVSS:8.5(High)

Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.

CWE-4162025