CVE-2023-20109CISA KEVEPSS p81.4%

CVE-2023-20109Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability

Cisco / IOS and IOS XE

Description

Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.

Scoring

EPSS2.34% probability of exploitation · percentile 81.4% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2023-10-10

(incoming)1

TypeTargetConfidenceTier
KEVEntryCisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerabilitykev-cve-2023-201090%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability
CVE
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
CVE
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
CVE
CVE-2025-20239
CVE
CVE-2026-20012
CVE
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.