CVE-2023-20262

EPSS 0.32%
Veröffentlicht 27.09.2023 18:15:11
Zuletzt bearbeitet 21.11.2024 07:41:01
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected.

 This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Catalyst Sd-wan Manager Version >= 20.4 < 20.9.3

Cisco ≫ Sd-wan Vmanage Version < 20.3.7

Cisco ≫ Sd-wan Vmanage Version >= 20.10 < 20.11.1

Cisco ≫ Sd-wan Vmanage Version20.12

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.522

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
psirt@cisco.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20262

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20262

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20262

EUVD