Home / Threat Intelligence bulletins / Cisco patches SSH authentication and denial-of-service vulnerabilities

Target Industry

Indiscriminate, opportunistic targeting.


Cisco disclosed two vulnerabilities pertaining to Cisco StarOS Software and the Cisco Broadworks Network Server. The former is affected by a key-based SSH authentication privilege escalation vulnerability, tracked as CVE-2023-20046 (CVSS score: 8.8), whereas the latter by a TCP denial-of-service (DoS) vulnerability, tracked as CVE-2023-20125 (CVSS score: 8.6).


– Successful exploitation of CVE-2023-20046 allows an authenticated, remote threat actor to elevate privileges on an affected device due to insufficient validation of user-supplied credentials.
– Successful exploitation of CVE-2023-20125allows an unauthenticated, remote threat actor to exhaust system resources and cause a denial of service (DoS) condition.

Vulnerability Detection

Cisco has released a patch for these vulnerabilities as it relates to the respective product versions. As such, previous versions are vulnerable to potential exploit.

Affected Products


– ASR 5000 Series Routers
– Virtualized Packet Core – Distributed Instance (VPC-DI)
– Virtualized Packet Core – Single Instance (VPC-SI)


– Cisco BroadWorks Network Server devices operating software versions 22.0, 23.0, or Release Independent (RI) with the default configuration.

Containment, Mitigations & Remediations

It is strongly recommended that users of the respective Cisco products apply the relevant software updates to address these vulnerabilities. The respective updates can be found at the Cisco Advisories for both CVE-2023-20046 and CVE-2023-20125.

It should be noted that a Proof-of-Concept (PoC) has been developed for CVE-2023-20046. However, at the time of writing, neither vulnerability has been reported to have been maliciously exploited in the wild.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available at this time.

Threat Landscape

Cisco has a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. Due to the fact that Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

TA0004– Privilege Escalation

Privilege Escalation Technique:
T1068 – Exploitation for Privilege Escalation

TA0040 – Impact

Impact Technique:
T1499– Endpoint Denial of Service

Further Information

Security Online Report

Intelligence Terminology Yardstick