CVE-2023-20081: 
Cisco Adaptive Security Appliance (ASA) vulnerability analysis and mitigation

A vulnerability (CVE-2023-20081) was discovered in the IPv6 DHCP (DHCPv6) client module affecting multiple Cisco products including Adaptive Security Appliance (ASA) Software, Firepower Threat Defense (FTD) Software, IOS Software, and IOS XE Software. The vulnerability was disclosed on March 22, 2023, and is identified as CWE-122 (Heap-based Buffer Overflow) (Cisco Advisory).

The vulnerability stems from insufficient validation of DHCPv6 messages in the affected systems. It has received a CVSS Base Score of 6.8 (Medium) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H. The vulnerability was discovered during internal security testing by X.B. of the Cisco Advanced Security Initiatives Group (ASIG) (Cisco Advisory).

A successful exploitation of this vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition by forcing the affected device to reload (CVE).

Cisco has released software updates that address this vulnerability. There are no workarounds available that address this vulnerability. To determine if a system is affected, administrators can use the show running-config CLI command to check for interfaces that have both the ipv6 enable command and the ipv6 address dhcp command enabled (Cisco Advisory).