CVE-2023-20273
- EPSS 92.04%
- Published 25.10.2023 18:17:23
- Last modified 02.04.2025 18:19:40
- Source psirt@cisco.com
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Cisco ≫ Catalyst 3650-12x48fd-e Version-
Cisco ≫ Catalyst 3650-12x48fd-l Version-
Cisco ≫ Catalyst 3650-12x48fd-s Version-
Cisco ≫ Catalyst 3650-12x48uq Version-
Cisco ≫ Catalyst 3650-12x48uq-e Version-
Cisco ≫ Catalyst 3650-12x48uq-l Version-
Cisco ≫ Catalyst 3650-12x48uq-s Version-
Cisco ≫ Catalyst 3650-12x48ur Version-
Cisco ≫ Catalyst 3650-12x48ur-e Version-
Cisco ≫ Catalyst 3650-12x48ur-l Version-
Cisco ≫ Catalyst 3650-12x48ur-s Version-
Cisco ≫ Catalyst 3650-12x48uz Version-
Cisco ≫ Catalyst 3650-12x48uz-e Version-
Cisco ≫ Catalyst 3650-12x48uz-l Version-
Cisco ≫ Catalyst 3650-12x48uz-s Version-
Cisco ≫ Catalyst 3650-24pd Version-
Cisco ≫ Catalyst 3650-24pd-e Version-
Cisco ≫ Catalyst 3650-24pd-l Version-
Cisco ≫ Catalyst 3650-24pd-s Version-
Cisco ≫ Catalyst 3650-24pdm Version-
Cisco ≫ Catalyst 3650-24pdm-e Version-
Cisco ≫ Catalyst 3650-24pdm-l Version-
Cisco ≫ Catalyst 3650-24pdm-s Version-
Cisco ≫ Catalyst 3650-24ps-e Version-
Cisco ≫ Catalyst 3650-24ps-l Version-
Cisco ≫ Catalyst 3650-24ps-s Version-
Cisco ≫ Catalyst 3650-24td-e Version-
Cisco ≫ Catalyst 3650-24td-l Version-
Cisco ≫ Catalyst 3650-24td-s Version-
Cisco ≫ Catalyst 3650-24ts-e Version-
Cisco ≫ Catalyst 3650-24ts-l Version-
Cisco ≫ Catalyst 3650-24ts-s Version-
Cisco ≫ Catalyst 3650-48fd-e Version-
Cisco ≫ Catalyst 3650-48fd-l Version-
Cisco ≫ Catalyst 3650-48fd-s Version-
Cisco ≫ Catalyst 3650-48fq Version-
Cisco ≫ Catalyst 3650-48fq-e Version-
Cisco ≫ Catalyst 3650-48fq-l Version-
Cisco ≫ Catalyst 3650-48fq-s Version-
Cisco ≫ Catalyst 3650-48fqm Version-
Cisco ≫ Catalyst 3650-48fqm-e Version-
Cisco ≫ Catalyst 3650-48fqm-l Version-
Cisco ≫ Catalyst 3650-48fqm-s Version-
Cisco ≫ Catalyst 3650-48fs-e Version-
Cisco ≫ Catalyst 3650-48fs-l Version-
Cisco ≫ Catalyst 3650-48fs-s Version-
Cisco ≫ Catalyst 3650-48pd-e Version-
Cisco ≫ Catalyst 3650-48pd-l Version-
Cisco ≫ Catalyst 3650-48pd-s Version-
Cisco ≫ Catalyst 3650-48pq-e Version-
Cisco ≫ Catalyst 3650-48pq-l Version-
Cisco ≫ Catalyst 3650-48pq-s Version-
Cisco ≫ Catalyst 3650-48ps-e Version-
Cisco ≫ Catalyst 3650-48ps-l Version-
Cisco ≫ Catalyst 3650-48ps-s Version-
Cisco ≫ Catalyst 3650-48td-e Version-
Cisco ≫ Catalyst 3650-48td-l Version-
Cisco ≫ Catalyst 3650-48td-s Version-
Cisco ≫ Catalyst 3650-48tq-e Version-
Cisco ≫ Catalyst 3650-48tq-l Version-
Cisco ≫ Catalyst 3650-48tq-s Version-
Cisco ≫ Catalyst 3650-48ts-e Version-
Cisco ≫ Catalyst 3650-48ts-l Version-
Cisco ≫ Catalyst 3650-48ts-s Version-
Cisco ≫ Catalyst 3650-8x24pd-e Version-
Cisco ≫ Catalyst 3650-8x24pd-l Version-
Cisco ≫ Catalyst 3650-8x24pd-s Version-
Cisco ≫ Catalyst 3650-8x24uq Version-
Cisco ≫ Catalyst 3650-8x24uq-e Version-
Cisco ≫ Catalyst 3650-8x24uq-l Version-
Cisco ≫ Catalyst 3650-8x24uq-s Version-
Cisco ≫ Catalyst 3850 Version-
Cisco ≫ Catalyst 3850-12s-e Version-
Cisco ≫ Catalyst 3850-12s-s Version-
Cisco ≫ Catalyst 3850-12x48u Version-
Cisco ≫ Catalyst 3850-12xs-e Version-
Cisco ≫ Catalyst 3850-12xs-s Version-
Cisco ≫ Catalyst 3850-16xs-e Version-
Cisco ≫ Catalyst 3850-16xs-s Version-
Cisco ≫ Catalyst 3850-24p-e Version-
Cisco ≫ Catalyst 3850-24p-l Version-
Cisco ≫ Catalyst 3850-24p-s Version-
Cisco ≫ Catalyst 3850-24pw-s Version-
Cisco ≫ Catalyst 3850-24s-e Version-
Cisco ≫ Catalyst 3850-24s-s Version-
Cisco ≫ Catalyst 3850-24t-e Version-
Cisco ≫ Catalyst 3850-24t-l Version-
Cisco ≫ Catalyst 3850-24t-s Version-
Cisco ≫ Catalyst 3850-24u Version-
Cisco ≫ Catalyst 3850-24u-e Version-
Cisco ≫ Catalyst 3850-24u-l Version-
Cisco ≫ Catalyst 3850-24u-s Version-
Cisco ≫ Catalyst 3850-24xs Version-
Cisco ≫ Catalyst 3850-24xs-e Version-
Cisco ≫ Catalyst 3850-24xs-s Version-
Cisco ≫ Catalyst 3850-24xu Version-
Cisco ≫ Catalyst 3850-24xu-e Version-
Cisco ≫ Catalyst 3850-24xu-l Version-
Cisco ≫ Catalyst 3850-24xu-s Version-
Cisco ≫ Catalyst 3850-32xs-e Version-
Cisco ≫ Catalyst 3850-32xs-s Version-
Cisco ≫ Catalyst 3850-48f-e Version-
Cisco ≫ Catalyst 3850-48f-l Version-
Cisco ≫ Catalyst 3850-48f-s Version-
Cisco ≫ Catalyst 3850-48p-e Version-
Cisco ≫ Catalyst 3850-48p-l Version-
Cisco ≫ Catalyst 3850-48p-s Version-
Cisco ≫ Catalyst 3850-48pw-s Version-
Cisco ≫ Catalyst 3850-48t-e Version-
Cisco ≫ Catalyst 3850-48t-l Version-
Cisco ≫ Catalyst 3850-48t-s Version-
Cisco ≫ Catalyst 3850-48u Version-
Cisco ≫ Catalyst 3850-48u-e Version-
Cisco ≫ Catalyst 3850-48u-l Version-
Cisco ≫ Catalyst 3850-48u-s Version-
Cisco ≫ Catalyst 3850-48xs Version-
Cisco ≫ Catalyst 3850-48xs-e Version-
Cisco ≫ Catalyst 3850-48xs-f-e Version-
Cisco ≫ Catalyst 3850-48xs-f-s Version-
Cisco ≫ Catalyst 3850-48xs-s Version-
Cisco ≫ Catalyst 3850-nm-2-40g Version-
Cisco ≫ Catalyst 3850-nm-8-10g Version-
23.10.2023: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: Cisco IOS XE Web UI Command Injection Vulnerability
Description: Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
Required actions: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.
23.10.2023: CERT.at Warning
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 92.04% | 0.997 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
psirt@cisco.com | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.