Lucene search
CiscoCVE-2023-20179HistorySep 27, 2023 - 6:15 p.m.
CVE-2023-20179
2023-09-2718:15:10
CWE-80
CWE-79
cisco
web.nvd.nist.gov
41
cve-2023-20179
cisco
catalyst
sd-wan manager
web interface
vulnerability
html injection
nvd
security
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
21.3%
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.
This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.
Affected configurations
Node
ciscosd-wan_vmanageRange<20.6.6
ORciscosd-wan_vmanageRange20.7–20.10
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | sd-wan_vmanage | * | cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco SD-WAN vManage",
"versions": [
{
"version": "20.3.1",
"status": "affected"
},
{
"version": "20.3.2",
"status": "affected"
},
{
"version": "20.3.2.1",
"status": "affected"
},
{
"version": "20.3.3",
"status": "affected"
},
{
"version": "20.3.3.1",
"status": "affected"
},
{
"version": "20.3.4",
"status": "affected"
},
{
"version": "20.3.4.1",
"status": "affected"
},
{
"version": "20.3.4.2",
"status": "affected"
},
{
"version": "20.3.5",
"status": "affected"
},
{
"version": "20.3.6",
"status": "affected"
},
{
"version": "20.3.7",
"status": "affected"
},
{
"version": "20.3.7.1",
"status": "affected"
},
{
"version": "20.3.4.3",
"status": "affected"
},
{
"version": "20.3.5.1",
"status": "affected"
},
{
"version": "20.3.7.2",
"status": "affected"
},
{
"version": "20.4.1",
"status": "affected"
},
{
"version": "20.4.1.1",
"status": "affected"
},
{
"version": "20.4.1.2",
"status": "affected"
},
{
"version": "20.4.2",
"status": "affected"
},
{
"version": "20.4.2.2",
"status": "affected"
},
{
"version": "20.4.2.1",
"status": "affected"
},
{
"version": "20.4.2.3",
"status": "affected"
},
{
"version": "20.5.1",
"status": "affected"
},
{
"version": "20.5.1.2",
"status": "affected"
},
{
"version": "20.5.1.1",
"status": "affected"
},
{
"version": "20.6.1",
"status": "affected"
},
{
"version": "20.6.1.1",
"status": "affected"
},
{
"version": "20.6.2.1",
"status": "affected"
},
{
"version": "20.6.2.2",
"status": "affected"
},
{
"version": "20.6.2",
"status": "affected"
},
{
"version": "20.6.3",
"status": "affected"
},
{
"version": "20.6.3.1",
"status": "affected"
},
{
"version": "20.6.4",
"status": "affected"
},
{
"version": "20.6.5",
"status": "affected"
},
{
"version": "20.6.5.1",
"status": "affected"
},
{
"version": "20.6.1.2",
"status": "affected"
},
{
"version": "20.6.3.2",
"status": "affected"
},
{
"version": "20.6.4.1",
"status": "affected"
},
{
"version": "20.6.5.2",
"status": "affected"
},
{
"version": "20.6.5.4",
"status": "affected"
},
{
"version": "20.6.3.3",
"status": "affected"
},
{
"version": "20.6.4.2",
"status": "affected"
},
{
"version": "20.6.3.0.45",
"status": "affected"
},
{
"version": "20.6.3.0.46",
"status": "affected"
},
{
"version": "20.6.3.0.47",
"status": "affected"
},
{
"version": "20.6.3.4",
"status": "affected"
},
{
"version": "20.6.4.0.21",
"status": "affected"
},
{
"version": "20.6.5.1.10",
"status": "affected"
},
{
"version": "20.6.5.1.7",
"status": "affected"
},
{
"version": "20.6.5.1.9",
"status": "affected"
},
{
"version": "20.6.5.2.4",
"status": "affected"
},
{
"version": "20.6.5.5",
"status": "affected"
},
{
"version": "20.7.1",
"status": "affected"
},
{
"version": "20.7.1.1",
"status": "affected"
},
{
"version": "20.7.2",
"status": "affected"
},
{
"version": "20.8.1",
"status": "affected"
},
{
"version": "20.9.1",
"status": "affected"
},
{
"version": "20.9.2",
"status": "affected"
},
{
"version": "20.9.2.1",
"status": "affected"
},
{
"version": "20.9.3",
"status": "affected"
},
{
"version": "20.9.3.1",
"status": "affected"
},
{
"version": "20.9.2.3",
"status": "affected"
},
{
"version": "20.9.3.0.12",
"status": "affected"
},
{
"version": "20.9.3.0.16",
"status": "affected"
},
{
"version": "20.9.3.0.17",
"status": "affected"
},
{
"version": "20.9.3.0.18",
"status": "affected"
},
{
"version": "20.9.3.2",
"status": "affected"
},
{
"version": "20.9.3.2_LI_Images",
"status": "affected"
},
{
"version": "20.9.4",
"status": "affected"
},
{
"version": "20.10.1",
"status": "affected"
},
{
"version": "20.10.1.1",
"status": "affected"
},
{
"version": "20.10.1.2",
"status": "affected"
},
{
"version": "20.11.1",
"status": "affected"
},
{
"version": "20.11.1.1",
"status": "affected"
},
{
"version": "20.11.1.2",
"status": "affected"
}
]
}
]Related
nessus
nessus
cnvd
cnvd
Cisco Catalyst SD-WAN Manager HTML Injection Vulnerability
2023-10-07 00:00:00
cvelist
cvelist
CVE-2023-20179
2023-09-27 17:24:32
prion
prion
Input validation
2023-09-27 18:15:00
cisco
cisco
Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability
2023-09-27 16:00:00
vulnrichment
vulnrichment
CVE-2023-20179
2023-09-27 17:24:32
nvd
nvd
CVE-2023-20179
2023-09-27 18:15:10
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.3
Confidence
High
EPSS
0.001
Percentile
21.3%
Related for CVE-2023-20179