Advisory on Vulnerabilities in Cisco Multiple Products

  • NIC-CERT/2023-03/057
  • Date: 2023-03-10
  • CVE ID: Multiple
  • Severity: High
A. Description:

Cisco has released security updates to address vulnerabilities in Cisco software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

B. Affected Products:

The affected products, CVE IDs and an overview of the vulnerabilities are listed below:

Name of the Vulnerability: Cisco IOS XR Software for ASR 9000 Series Routers Bidirectional Forwarding Detection Denial of Service Vulnerability

CVE ID: CVE-2023-20049

Affected Product: This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco IOS XR 64-bit Software and have BFD hardware offload enabled for any of the installed line cards:

  • ASR 9000 Series Aggregation Services Routers only if they have a Lightspeed or Lightspeed-Plus-based line card installed
  • ASR 9902 Compact High-Performance Routers
  • ASR 9903 Compact High-Performance Routers

Remediation: There are no workarounds that address this vulnerability.

Name of the Vulnerability: Cisco IOS XR Software Bootloader Unauthenticated Information Disclosure Vulnerability

CVE ID: CVE-2023-20064

Affected Product: At the time of publication, this vulnerability affected the following Cisco devices if they were running a vulnerable release of Cisco IOS XR Software:

  • ASR 9000 Series Aggregation Services Routers (64-bit) (CSCwd79460)
  • IOS XR White box (IOSXRWBD) (CSCwd79460)
  • IOS XRv 9000 Routers (CSCwd79460)
  • Network Convergence System (NCS) 540 Series Routers (CSCvz42457)
  • NCS 560 Series Routers (CSCvz42457)
  • NCS 1001 Series Routers (CSCwd61820)
  • NCS 1002 Series Routers (CSCwd61820)
  • NCS 1004 Series Routers (CSCwd61802)
  • NCS 5000 Series Routers (CSCvz42457)
  • NCS 5500 Series Routers (CSCvz42457)
  • NCS 5700 Series Routers (CSCvz42457)
  • NCS 6000 Series Routers (CSCwc97332)

Remediation: There are no workarounds that address this vulnerability.

Users are advised to visit the following URL and follow the steps to apply the fixes.

https://tools.cisco.com/security/center/publicationListing.x

D. References:

https://tools.cisco.com/security/center/publicationListing.x