CVE-2023-20066Relative Path Traversal in Cisco IOS XE Software

CWE-23Relative Path TraversalCWE-22Path Traversal4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOS XE SoftwareCisco IOS XE
Timeline
PublishedMar 23

Description

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to files that are outside the filesystem mountpoint of the web

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/ios_xe16.12.3, 17.3.2, 17.6.2+2

🔴Vulnerability Details

2
CVEList
Cisco IOS XE Software Web UI Path Traversal Vulnerability2023-03-23
GHSA
GHSA-8cqx-pw8x-gx2v: A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resou2023-03-23

📋Vendor Advisories

1
Cisco
Cisco IOS XE Software Web UI Path Traversal Vulnerability2023-03-22
CVE-2023-20066 — Relative Path Traversal in Cisco | cvebase