CVE-2023-20261Improper Access Control in Cisco Sd-wan Vmanage

CWE-284Improper Access ControlCWE-95Eval Injection5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 68.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Sd-wan VmanageCisco Catalyst Sd-wan Manager
Timeline
PublishedOct 18

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file syst

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDcisco/catalyst_sd-wan_manager99 versions+98
CVEListV5cisco/cisco_sd-wan_vmanage99 versions+98

🔴Vulnerability Details

3
CVEList
CVE-2023-20261: A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affec2023-10-18
GHSA
GHSA-5948-mwp6-h3vh: A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affec2023-10-18
GHSA
xwiki-platform-administration-ui vulnerable to privilege escalation2023-04-12

📋Vendor Advisories

1
Cisco
Cisco Catalyst SD-WAN Manager Local File Inclusion Vulnerability2023-10-18
CVE-2023-20261 — Improper Access Control in Cisco | cvebase