ID

VAR-202309-2716


CVE

CVE-2023-20253


TITLE

Vulnerability in Cisco Systems Cisco Catalyst SD-WAN Manager and Cisco SD-WAN vManage

Trust: 0.8

sources: JVNDB: JVNDB-2023-013645

DESCRIPTION

A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the CLI management interface of an affected system. An attacker with low-privilege (read-only) access to the CLI could exploit this vulnerability by sending a request to roll back the configuration on other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration on other controllers and devices managed by an affected system. An unspecified vulnerability exists in Cisco Systems Cisco Catalyst SD-WAN Manager and Cisco SD-WAN vManage. Information may be tampered with. Cisco SD-WAN vManage is a highly customizable dashboard from the American company Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. Configuration on the device

Trust: 2.25

sources: NVD: CVE-2023-20253 // JVNDB: JVNDB-2023-013645 // CNVD: CNVD-2023-93331 // VULMON: CVE-2023-20253

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-93331

AFFECTED PRODUCTS

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.9

Trust: 1.6

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.11

Trust: 1.6

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.7

Trust: 1.6

vendor: cisco, model: catalyst sd-wan manager, scope: eq, version: 20.8

Trust: 1.6

vendor: cisco, model: sd-wan vmanage, scope: lt, version: 20.6.2

Trust: 1.6

vendor: cisco, model: sd-wan vmanage, scope: eq, version: 20.10

Trust: 1.0

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: eq, version: 20.6.2

Trust: 0.8

vendor: シスコシステムズ, model: cisco sd-wan vmanage, scope: eq, version: 20.10

Trust: 0.8

vendor: シスコシステムズ, model: cisco catalyst sd-wan manager, scope: -, version: -

Trust: 0.8

sources: CNVD: CNVD-2023-93331 // JVNDB: JVNDB-2023-013645 // NVD: CVE-2023-20253

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-20253
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20253
value: HIGH

Trust: 1.0

NVD: CVE-2023-20253
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2023-93331
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-93331
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:S/C:N/I:C/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-20253
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20253
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2023-20253
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2023-93331 // JVNDB: JVNDB-2023-013645 // NVD: CVE-2023-20253 // NVD: CVE-2023-20253

PROBLEMTYPE DATA

problemtype: CWE-286

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-013645 // NVD: CVE-2023-20253

PATCH

title: cisco-sa-sdwan-vman-sc-LRLfu2z, url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

Trust: 0.8

title: Patch for Access control error vulnerability exists in Cisco SD-WAN vManage, url: https://www.cnvd.org.cn/patchInfo/show/492271

Trust: 0.6

sources: CNVD: CNVD-2023-93331 // JVNDB: JVNDB-2023-013645

EXTERNAL IDS

db: NVD, id: CVE-2023-20253

Trust: 3.3

db: JVNDB, id: JVNDB-2023-013645

Trust: 0.8

db: CNVD, id: CNVD-2023-93331

Trust: 0.6

db: VULMON, id: CVE-2023-20253

Trust: 0.1

sources: CNVD: CNVD-2023-93331 // VULMON: CVE-2023-20253 // JVNDB: JVNDB-2023-013645 // NVD: CVE-2023-20253

REFERENCES

url: https://nvd.nist.gov/vuln/detail/cve-2023-20253

Trust: 1.4

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vman-sc-lrlfu2z

Trust: 1.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2023-93331 // VULMON: CVE-2023-20253 // JVNDB: JVNDB-2023-013645 // NVD: CVE-2023-20253

SOURCES

db: CNVD, id: CNVD-2023-93331
db: VULMON, id: CVE-2023-20253
db: JVNDB, id: JVNDB-2023-013645
db: NVD, id: CVE-2023-20253

LAST UPDATE DATE

2024-08-14T15:15:46.557000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-93331, date: 2023-11-28T00:00:00
db: VULMON, id: CVE-2023-20253, date: 2023-09-27T00:00:00
db: JVNDB, id: JVNDB-2023-013645, date: 2023-12-21T05:15:00
db: NVD, id: CVE-2023-20253, date: 2024-01-25T17:15:41.443

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-93331, date: 2023-11-28T00:00:00
db: VULMON, id: CVE-2023-20253, date: 2023-09-27T00:00:00
db: JVNDB, id: JVNDB-2023-013645, date: 2023-12-21T00:00:00
db: NVD, id: CVE-2023-20253, date: 2023-09-27T18:15:11.620