CVE-2023-20253

CWE-286CWE-399CWE-798Hard-coded CredentialsCWE-862Missing Authorization4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 99.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Sd-wan VmanageCisco Cisco Sd-wan VmanageCisco Catalyst Sd-wan Manager
Timeline
PublishedSep 27

Description

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll ba

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

NVDcisco/sd-wan_vmanage< 20.6.2+1
CVEListV5cisco/cisco_sd-wan_vmanage71 versions+70

🔴Vulnerability Details

2
CVEList
CVE-2023-20253: A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypas2023-09-27
GHSA
GHSA-p5q8-553c-rh75: A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypas2023-09-27

📋Vendor Advisories

1
Cisco
Cisco Catalyst SD-WAN Manager Vulnerabilities2023-09-27
CVE-2023-20253 (MEDIUM CVSS 5.5) | A vulnerability in the command line | cvebase.io