cbcvebase.
CVE-2023-20231
published 2023-09-27

CVE-2023-20231: A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device…

PriorityP260high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
0.74%
50.0th percentile
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.

Affected

135 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software
ciscocisco_ios_xe_software

Detection & IOCsextracted from sources · hover to see the quote

  • Exploitation requires an authenticated session using Lobby Ambassador account credentials sent via crafted input to the Cisco IOS XE Web UI, resulting in CLI command execution at privilege level 15
  • Exploitation is only possible via the Lobby Ambassador account — monitor for unexpected use or creation of this non-default account on Cisco IOS XE devices as a precursor indicator
  • Track Cisco Bug ID CSCwe12578 for patch and detection signature updates related to this vulnerability
  • ·The Lobby Ambassador account is not present by default; the attack surface only exists on devices where this account has been explicitly configured. Audit all IOS XE devices for the presence of this account.
  • ·No workarounds are available; remediation requires applying Cisco-released software updates.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_cisco8.8HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.