CVE-2023-20102
Published 2023-04-05
Priority: P2 · 60 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.00% (58.6th percentile)
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_secure_network_analytics | — | — |
| cisco | secure_network_analytics | <= 7.4.1 | — |
| cisco | secure_network_analytics | — | — |
Detection & IOCs
- Exploit vector is a crafted HTTP request to the web-based management interface of Cisco Secure Network Analytics (SMC); monitor for anomalous or malformed HTTP requests targeting the management interface from authenticated sessions.
- The vulnerability is rooted in deserialization of untrusted data (CWE-502); inspect HTTP request bodies for serialized Java/object payloads directed at the Cisco Secure Network Analytics management interface.
- Successful exploitation results in code execution as the administrator user on the underlying OS; alert on unexpected privileged process spawning from the Cisco Secure Network Analytics web service process.
- Exploitation requires the attacker to be authenticated; prioritize detection of post-authentication anomalous activity and review for compromised credentials as a precursor.
- No workarounds exist; the only mitigation is applying Cisco's released software updates. Unpatched devices remain fully exposed to authenticated RCE.
- Tracked internally by Cisco as Bug ID CSCwc95889; use this identifier when cross-referencing Cisco TAC or internal patch management records.
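The request-body inspection suggested above can be sketched as follows. This is an added example, not a rule from Cisco or from any source indexed here; it assumes the payload uses Java's native serialization stream format (the page says only "serialized Java/object payloads"), and the record layout, function names and sample requests are hypothetical.

```python
import base64
import re
from urllib.parse import quote, unquote_to_bytes

# Java Object Serialization Stream header: STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005.
JAVA_MAGIC = b"\xac\xed\x00\x05"
B64_PREFIX = b"rO0AB"  # how the base64 text of that header always begins
HEX_MAGIC = re.compile(rb"aced0005", re.IGNORECASE)
B64_RUN = re.compile(rb"[A-Za-z0-9+/]+")


def _b64_confirms(chunk: bytes) -> bool:
    """Decode the leading base64 run and check it really starts with the header."""
    run = B64_RUN.match(chunk).group(0)
    run = run[: len(run) // 4 * 4]  # whole 4-char groups decode without padding
    return len(run) >= 8 and base64.b64decode(run).startswith(JAVA_MAGIC)


def serialized_java_markers(body: bytes) -> list[str]:
    """Return which encodings of a Java serialization header occur in body."""
    hits = set()
    for data in {body, unquote_to_bytes(body)}:  # also look behind %xx escapes
        if JAVA_MAGIC in data:
            hits.add("binary")
        if HEX_MAGIC.search(data):
            hits.add("hex")
        idx = data.find(B64_PREFIX)
        if idx != -1 and _b64_confirms(data[idx:]):
            hits.add("base64")
    return sorted(hits)


def flag_requests(records: list[dict]) -> dict[str, list[str]]:
    """Map request id -> markers for every request whose body carries one."""
    scanned = {rec["id"]: serialized_java_markers(rec["body"]) for rec in records}
    return {rid: markers for rid, markers in scanned.items() if markers}


# Constructed sample requests (not captured traffic): header plus inert filler bytes.
_BLOB = JAVA_MAGIC + b"constructed-sample-not-a-real-object"
SAMPLE_REQUESTS = [
    {"id": "r1", "body": b'{"query":"flows last 24h"}'},
    {"id": "r2", "body": _BLOB},
    {"id": "r3", "body": b"state=" + quote(base64.b64encode(_BLOB), safe="").encode()},
    {"id": "r4", "body": b'{"blob":"' + _BLOB.hex().upper().encode() + b'"}'},
]
```

A hit is a triage signal rather than proof of exploitation, since the short hex form in particular can occur by chance in unrelated data.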
CVSS provenance
- nvd: v3.1, 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- vendor_cisco: 8.8 HIGH
Cisco
Cisco Secure Network Analytics Remote Code Execution Vulnerability
vendor_cisco·2023-04-05·CVSS 8.8
CVE-2023-20102 [HIGH] CWE-502 Cisco Secure Network Analytics Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system.
This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec
CVSS: 3.1
CWE: CWE-502
Bug IDs: CSCwc95889
GHSA
GHSA-4rvx-m2x5-qg3f: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbit
ghsa_unreviewed·2023-04-05
CVE-2023-20102 [HIGH] CWE-502 GHSA-4rvx-m2x5-qg3f: A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbit
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-04-05