7.8
CVE-2023-20035
- EPSS 0.04%
- Published 23.03.2023 17:15:14
- Last modified 21.11.2024 07:40:24
- Source psirt@cisco.com
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ios Xe Sd-wan Version-
Cisco ≫ Catalyst 8000v Edge Version-
Cisco ≫ 1100-4g/6g Integrated Services Router Version-
Cisco ≫ 1100-4p Integrated Services Router Version-
Cisco ≫ 1100-8p Integrated Services Router Version-
Cisco ≫ 1100 Integrated Services Router Version-
Cisco ≫ 1101-4p Integrated Services Router Version-
Cisco ≫ 1101 Integrated Services Router Version-
Cisco ≫ 1109-2p Integrated Services Router Version-
Cisco ≫ 1109-4p Integrated Services Router Version-
Cisco ≫ 1109 Integrated Services Router Version-
Cisco ≫ 1120 Integrated Services Router Version-
Cisco ≫ 1131 Integrated Services Router Version-
Cisco ≫ 1160 Integrated Services Router Version-
Cisco ≫ 4221 Integrated Services Router Version-
Cisco ≫ 4321 Integrated Services Router Version-
Cisco ≫ 4331 Integrated Services Router Version-
Cisco ≫ 4351 Integrated Services Router Version-
Cisco ≫ 4431 Integrated Services Router Version-
Cisco ≫ 4451-x Integrated Services Router Version-
Cisco ≫ 4451 Integrated Services Router Version-
Cisco ≫ 4461 Integrated Services Router Version-
Cisco ≫ Asr 1001-x Version-
Cisco ≫ Asr 1002-hx Version-
Cisco ≫ Asr 1006-x Version-
Cisco ≫ Asr 1009-x Version-
Cisco ≫ Catalyst 8200 Version-
Cisco ≫ Catalyst 8300 Version-
Cisco ≫ Catalyst 8300-1n1s-4t2x Version-
Cisco ≫ Catalyst 8300-1n1s-6t Version-
Cisco ≫ Catalyst 8300-2n2s-4t2x Version-
Cisco ≫ Catalyst 8300-2n2s-6t Version-
Cisco ≫ Catalyst 8500 Version-
Cisco ≫ Catalyst 8500-4qc Version-
Cisco ≫ Catalyst 8500l Version-
Cisco ≫ Catalyst 8510csr Version-
Cisco ≫ Catalyst 8510msr Version-
Cisco ≫ Catalyst 8540csr Version-
Cisco ≫ Catalyst 8540msr Version-
Cisco ≫ Csr 1000v Version-
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.04% | 0.099 |

Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
psirt@cisco.com | 7.8 | 1.8 | 5.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CWE-146 Improper Neutralization of Expression/Command Delimiters
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression or command delimiters when they are sent to a downstream component.