Lucene search

[email protected]CVE-2023-20029

HistoryMar 23, 2023 - 5:15 p.m.

CVE-2023-20029

2023-03-2317:15:13

CWE-122

[email protected]

web.nvd.nist.gov

cisco

ios xe

software

vulnerability

meraki

onboarding

authenticated

local attacker

root privileges

nvd

cve-2023-20029

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root.

Affected configurations

NVD

Node

ciscoios_xeMatch17.7.1

ciscoios_xeMatch17.8.1

AND

ciscocatalyst_9200Match-

ciscocatalyst_9200cxMatch-

ciscocatalyst_9200lMatch-

ciscocatalyst_9300Match-

ciscocatalyst_9300-24p-aMatch-

ciscocatalyst_9300-24p-eMatch-

ciscocatalyst_9300-24s-aMatch-

ciscocatalyst_9300-24s-eMatch-

ciscocatalyst_9300-24t-aMatch-

ciscocatalyst_9300-24t-eMatch-

ciscocatalyst_9300-24u-aMatch-

ciscocatalyst_9300-24u-eMatch-

ciscocatalyst_9300-24ux-aMatch-

ciscocatalyst_9300-24ux-eMatch-

ciscocatalyst_9300-48p-aMatch-

ciscocatalyst_9300-48p-eMatch-

ciscocatalyst_9300-48s-aMatch-

ciscocatalyst_9300-48s-eMatch-

ciscocatalyst_9300-48t-aMatch-

ciscocatalyst_9300-48t-eMatch-

ciscocatalyst_9300-48u-aMatch-

ciscocatalyst_9300-48u-eMatch-

ciscocatalyst_9300-48un-aMatch-

ciscocatalyst_9300-48un-eMatch-

ciscocatalyst_9300-48uxm-aMatch-

ciscocatalyst_9300-48uxm-eMatch-

ciscocatalyst_9300lMatch-

ciscocatalyst_9300l-24p-4g-aMatch-

ciscocatalyst_9300l-24p-4g-eMatch-

ciscocatalyst_9300l-24p-4x-aMatch-

ciscocatalyst_9300l-24p-4x-eMatch-

ciscocatalyst_9300l-24t-4g-aMatch-

ciscocatalyst_9300l-24t-4g-eMatch-

ciscocatalyst_9300l-24t-4x-aMatch-

ciscocatalyst_9300l-24t-4x-eMatch-

ciscocatalyst_9300l-48p-4g-aMatch-

ciscocatalyst_9300l-48p-4g-eMatch-

ciscocatalyst_9300l-48p-4x-aMatch-

ciscocatalyst_9300l-48p-4x-eMatch-

ciscocatalyst_9300l-48t-4g-aMatch-

ciscocatalyst_9300l-48t-4g-eMatch-

ciscocatalyst_9300l-48t-4x-aMatch-

ciscocatalyst_9300l-48t-4x-eMatch-

ciscocatalyst_9300l_stackMatch-

ciscocatalyst_9300lmMatch-

ciscocatalyst_9300xMatch-

CPENameOperatorVersion
cisco:ios_xecisco ios xeeq17.7.1
cisco:ios_xecisco ios xeeq17.8.1

CPE	Name	Operator	Version
cisco:ios_xe	cisco ios xe	eq	17.7.1
cisco:ios_xe	cisco ios xe	eq	17.8.1

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IOS XE Software ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]