ID

VAR-202309-2668


CVE

CVE-2023-20262


TITLE

Vulnerability in Cisco Systems Cisco Catalyst SD-WAN Manager and Cisco SD-WAN vManage

Trust: 0.8

sources: JVNDB: JVNDB-2023-013646

DESCRIPTION

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. Cisco Systems Cisco Catalyst SD-WAN Manager and Cisco SD-WAN vManage contain an unspecified vulnerability. A service operation interruption (DoS) condition may result.

Trust: 1.71

sources: NVD: CVE-2023-20262 // JVNDB: JVNDB-2023-013646 // VULMON: CVE-2023-20262

AFFECTED PRODUCTS

vendor: cisco, model: catalyst sd-wan manager, scope: lt, version: 20.9.3

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.11.1

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: gte, version: 20.10

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.3.7

Trust: 1.0

vendor: cisco, model: catalyst sd-wan manager, scope: gte, version: 20.4

Trust: 1.0

vendor: cisco, model: sd-wan vmanage, scope: eq, version: 20.12

Trust: 1.0

vendor: Cisco Systems, model: cisco sd-wan vmanage, scope: eq, version: 20.10 that's all 20.11.1

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vmanage, scope: eq, version: 20.12

Trust: 0.8

vendor: Cisco Systems, model: cisco sd-wan vmanage, scope: eq, version: 20.3.7

Trust: 0.8

vendor: Cisco Systems, model: cisco catalyst sd-wan manager, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-013646 // NVD: CVE-2023-20262

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20262
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20262
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-20262
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2023-20262
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20262
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2023-20262
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-013646 // NVD: CVE-2023-20262 // NVD: CVE-2023-20262

PROBLEMTYPE DATA

problemtype: CWE-399

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-013646 // NVD: CVE-2023-20262

PATCH

title: cisco-sa-sdwan-vman-sc-LRLfu2z
url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

Trust: 0.8

sources: JVNDB: JVNDB-2023-013646

EXTERNAL IDS

db: NVD, id: CVE-2023-20262

Trust: 2.7

db: JVNDB, id: JVNDB-2023-013646

Trust: 0.8

db: VULMON, id: CVE-2023-20262

Trust: 0.1

sources: VULMON: CVE-2023-20262 // JVNDB: JVNDB-2023-013646 // NVD: CVE-2023-20262

REFERENCES

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vman-sc-lrlfu2z

Trust: 1.1

url: https://nvd.nist.gov/vuln/detail/cve-2023-20262

Trust: 0.8

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20262 // JVNDB: JVNDB-2023-013646 // NVD: CVE-2023-20262

SOURCES

db: VULMON, id: CVE-2023-20262
db: JVNDB, id: JVNDB-2023-013646
db: NVD, id: CVE-2023-20262

LAST UPDATE DATE

2024-08-14T15:31:50.613000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-20262, date: 2023-09-27T00:00:00
db: JVNDB, id: JVNDB-2023-013646, date: 2023-12-21T05:15:00
db: NVD, id: CVE-2023-20262, date: 2024-01-25T17:15:41.980

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-20262, date: 2023-09-27T00:00:00
db: JVNDB, id: JVNDB-2023-013646, date: 2023-12-21T00:00:00
db: NVD, id: CVE-2023-20262, date: 2023-09-27T18:15:11.757