ID
VAR-202309-2742
CVE
CVE-2023-20252
DESCRIPTION
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application
Trust: 0.99
sources:
NVD: CVE-2023-20252 //
VULMON: CVE-2023-20252
AFFECTED PRODUCTS
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | eq | version: | 20.9.3.2 | Trust: 1.0 |
| vendor: | cisco | model: | catalyst sd-wan manager | scope: | eq | version: | 20.11.1.2 | Trust: 1.0 |
sources:
NVD: CVE-2023-20252
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2023-20252 //
NVD: CVE-2023-20252
PROBLEMTYPE DATA
| problemtype: | CWE-862 | Trust: 1.0 |
| problemtype: | CWE-287 | Trust: 1.0 |
sources:
NVD: CVE-2023-20252
EXTERNAL IDS
| db: | NVD | id: | CVE-2023-20252 | Trust: 1.1 |
| db: | VULMON | id: | CVE-2023-20252 | Trust: 0.1 |
sources:
VULMON: CVE-2023-20252 //
NVD: CVE-2023-20252
REFERENCES
| url: | https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sdwan-vman-sc-lrlfu2z | Trust: 1.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULMON: CVE-2023-20252 //
NVD: CVE-2023-20252
SOURCES
| db: | VULMON | id: | CVE-2023-20252 |
| db: | NVD | id: | CVE-2023-20252 |
LAST UPDATE DATE
2024-08-14T15:26:24.208000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2023-20252 | date: | 2023-09-27T00:00:00 |
| db: | NVD | id: | CVE-2023-20252 | date: | 2024-01-25T17:15:41.360 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2023-20252 | date: | 2023-09-27T00:00:00 |
| db: | NVD | id: | CVE-2023-20252 | date: | 2023-09-27T18:15:11.553 |