CVE-2023-20113

CWE-352 — Cross-Site Request Forgery (CSRF)4 documents4 sources

Severity

8.1HIGH

EPSS

0.5%

top 35.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Sd-wan Cisco Cisco Sd-wan Vmanage

Timeline

PublishedMar 23

Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform …

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages2 packages

▶CVEListV5cisco/cisco_sd-wan_vmanagen/a

▶NVDcisco/sd-wan< 20.6.5+2

🔴Vulnerability Details

CVEList

Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability↗2023-03-23

▶

GHSA

GHSA-4g7q-85g4-qw3w: A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cr↗2023-03-23

▶

📋Vendor Advisories

Cisco

Cisco SD-WAN vManage Software Cluster Mode Cross-Site Request Forgery Vulnerability↗2023-03-22

▶