CVE-2023-20049

8.6 HIGH

📋 TL;DR

An unauthenticated remote attacker can send crafted IPv4 BFD packets to cause line card resets on affected Cisco routers, resulting in denial of service. This affects Cisco ASR 9000, ASR 9902, and ASR 9903 routers running IOS XR Software with BFD hardware offload enabled.

💻 Affected Systems

Products:
  • Cisco ASR 9000 Series Aggregation Services Routers
  • Cisco ASR 9902 Compact High-Performance Routers
  • Cisco ASR 9903 Compact High-Performance Routers
Versions: Cisco IOS XR Software releases prior to the fixed versions
Operating Systems: Cisco IOS XR
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when BFD hardware offload feature is enabled on line cards

📦 What is this software?

Cisco IOS XR is the network operating system that runs on the ASR 9000 series service-provider routers. BFD (Bidirectional Forwarding Detection) is a lightweight hello protocol that routing protocols use to detect forwarding-path failures within milliseconds; the BFD hardware offload feature moves session processing from the route processor onto the line card, which is why the affected component in this advisory is the line card itself.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Multiple line cards reset simultaneously, causing widespread network outages and traffic loss across the affected router

🟠

Likely Case

Individual line card resets causing localized DoS for traffic passing through that specific card

🟢

If Mitigated

No impact if BFD hardware offload is disabled or devices are patched

🌐 Internet-Facing: HIGH - Attackers can exploit remotely without authentication
🏢 Internal Only: MEDIUM - Internal attackers could still cause DoS but require network access

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending malformed BFD packets to vulnerable devices

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Cisco Security Advisory for specific fixed releases

Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bfd-XmRescbT

Restart Required: Yes

Instructions:

1. Review the Cisco Security Advisory for the fixed releases.
2. Upgrade IOS XR Software to the recommended version.
3. Reload the affected line cards after the upgrade.

🔧 Temporary Workarounds

Disable BFD Hardware Offload


Disable the BFD hardware offload feature on vulnerable line cards

configure
bfd
no hw-offload

🧯 If You Can't Patch

  • Disable BFD hardware offload on all vulnerable line cards
  • Implement network segmentation to restrict BFD traffic to trusted sources

🔍 How to Verify

Check if Vulnerable:

Check whether BFD hardware offload is enabled ('show bfd hw-offload') and compare the running IOS XR version against the fixed releases listed in the advisory; a device is exposed only when both conditions hold.

Check Version:

show version

Verify Fix Applied:

Confirm that the IOS XR version is at or above the fixed release and, if the workaround was applied, that BFD hardware offload still reports the intended (disabled) state.

📡 Detection & Monitoring

Log Indicators:

  • Line card reset messages
  • BFD protocol errors
  • Hardware exception logs

Network Indicators:

  • Unexpected BFD packet floods
  • Line card interface flapping

SIEM Query:

source="cisco-router" AND ("line card reset" OR "BFD error" OR "hardware exception")
