7.1
CVE-2023-20253
- EPSS 0.01%
- Published 27.09.2023 18:15:11
- Last modified 21.11.2024 07:41:00
- Source psirt@cisco.com
A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the CLI management interface of an affected system. An attacker with low-privilege (read-only) access to the CLI could exploit this vulnerability by sending a request to roll back the configuration for other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration for other controllers and devices managed by an affected system.
Data provided by the National Vulnerability Database (NVD)
Cisco ≫ Catalyst SD-WAN Manager Version 20.7
Cisco ≫ Catalyst SD-WAN Manager Version 20.8
Cisco ≫ Catalyst SD-WAN Manager Version 20.9
Cisco ≫ Catalyst SD-WAN Manager Version 20.11
Cisco ≫ SD-WAN vManage Version < 20.6.2
Cisco ≫ SD-WAN vManage Version 20.10
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.01% | 0.002 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5.5 | 1.8 | 3.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
psirt@cisco.com | 7.1 | 1.8 | 5.2 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H |
CWE-286 Incorrect User Management
The product does not properly manage a user within its environment.