Lucene search
HistorySep 27, 2023 - 6:15 p.m.
CVE-2023-20231
cisco
ios xe
software
vulnerability
web ui
injection attack
nvd
cve-2023-20231
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.8%
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.
Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.
Affected configurations
Node
ciscoios_xeMatch16.12.4
ORciscoios_xeMatch16.12.4a
ORciscoios_xeMatch16.12.5
ORciscoios_xeMatch16.12.5a
ORciscoios_xeMatch16.12.5b
ORciscoios_xeMatch16.12.6
ORciscoios_xeMatch16.12.6a
ORciscoios_xeMatch16.12.7
ORciscoios_xeMatch16.12.8
ORciscoios_xeMatch16.12.9
ORciscoios_xeMatch17.2.2
ORciscoios_xeMatch17.2.3
ORciscoios_xeMatch17.3.1
ORciscoios_xeMatch17.3.1a
ORciscoios_xeMatch17.3.1w
ORciscoios_xeMatch17.3.1x
ORciscoios_xeMatch17.3.1z
ORciscoios_xeMatch17.3.2
ORciscoios_xeMatch17.3.3
ORciscoios_xeMatch17.3.4
ORciscoios_xeMatch17.3.4a
ORciscoios_xeMatch17.3.4b
ORciscoios_xeMatch17.3.4c
ORciscoios_xeMatch17.3.5
ORciscoios_xeMatch17.3.5a
ORciscoios_xeMatch17.3.5b
ORciscoios_xeMatch17.3.6
ORciscoios_xeMatch17.4.1
ORciscoios_xeMatch17.4.1a
ORciscoios_xeMatch17.4.1b
ORciscoios_xeMatch17.4.2
ORciscoios_xeMatch17.4.2a
ORciscoios_xeMatch17.5.1
ORciscoios_xeMatch17.5.1a
ORciscoios_xeMatch17.5.1b
ORciscoios_xeMatch17.5.1c
ORciscoios_xeMatch17.6.1
ORciscoios_xeMatch17.6.1.z
ORciscoios_xeMatch17.6.1a
ORciscoios_xeMatch17.6.1w
ORciscoios_xeMatch17.6.1x
ORciscoios_xeMatch17.6.1y
ORciscoios_xeMatch17.6.1z1
ORciscoios_xeMatch17.6.2
ORciscoios_xeMatch17.6.3
ORciscoios_xeMatch17.6.3a
ORciscoios_xeMatch17.6.4
ORciscoios_xeMatch17.6.5
ORciscoios_xeMatch17.7.1
ORciscoios_xeMatch17.7.1a
ORciscoios_xeMatch17.7.1b
ORciscoios_xeMatch17.7.2
ORciscoios_xeMatch17.8.1
ORciscoios_xeMatch17.8.1a
ORciscoios_xeMatch17.9.1
ORciscoios_xeMatch17.9.1a
ORciscoios_xeMatch17.9.1w
ORciscoios_xeMatch17.9.1x
ORciscoios_xeMatch17.9.1x1
ORciscoios_xeMatch17.9.1y
ORciscoios_xeMatch17.9.2
ORciscoios_xeMatch17.9.2a
ORciscoios_xeMatch17.9.2b
ORciscoios_xeMatch17.10.1
ORciscoios_xeMatch17.10.1a
ORciscoios_xeMatch17.10.1b
ORciscoios_xeMatch17.91w
ciscocatalyst_9105axMatch-
ORciscocatalyst_9105axiMatch-
ORciscocatalyst_9105axwMatch-
ORciscocatalyst_9115axMatch-
ORciscocatalyst_9115axeMatch-
ORciscocatalyst_9115axiMatch-
ORciscocatalyst_9117axMatch-
ORciscocatalyst_9117axiMatch-
ORciscocatalyst_9120axMatch-
ORciscocatalyst_9120axeMatch-
ORciscocatalyst_9120axiMatch-
ORciscocatalyst_9120axpMatch-
ORciscocatalyst_9124axMatch-
ORciscocatalyst_9124axdMatch-
ORciscocatalyst_9124axiMatch-
ORciscocatalyst_9130axMatch-
ORciscocatalyst_9130axeMatch-
ORciscocatalyst_9130axiMatch-
ORciscocatalyst_9300Match-
ORciscocatalyst_9300-24p-aMatch-
ORciscocatalyst_9300-24p-eMatch-
ORciscocatalyst_9300-24s-aMatch-
ORciscocatalyst_9300-24s-eMatch-
ORciscocatalyst_9300-24t-aMatch-
ORciscocatalyst_9300-24t-eMatch-
ORciscocatalyst_9300-24u-aMatch-
ORciscocatalyst_9300-24u-eMatch-
ORciscocatalyst_9300-24ux-aMatch-
ORciscocatalyst_9300-24ux-eMatch-
ORciscocatalyst_9300-48p-aMatch-
ORciscocatalyst_9300-48p-eMatch-
ORciscocatalyst_9300-48s-aMatch-
ORciscocatalyst_9300-48s-eMatch-
ORciscocatalyst_9300-48t-aMatch-
ORciscocatalyst_9300-48t-eMatch-
ORciscocatalyst_9300-48u-aMatch-
ORciscocatalyst_9300-48u-eMatch-
ORciscocatalyst_9300-48un-aMatch-
ORciscocatalyst_9300-48un-eMatch-
ORciscocatalyst_9300-48uxm-aMatch-
ORciscocatalyst_9300-48uxm-eMatch-
ORciscocatalyst_9300lMatch-
ORciscocatalyst_9300l-24p-4g-aMatch-
ORciscocatalyst_9300l-24p-4g-eMatch-
ORciscocatalyst_9300l-24p-4x-aMatch-
ORciscocatalyst_9300l-24p-4x-eMatch-
ORciscocatalyst_9300l-24t-4g-aMatch-
ORciscocatalyst_9300l-24t-4g-eMatch-
ORciscocatalyst_9300l-24t-4x-aMatch-
ORciscocatalyst_9300l-24t-4x-eMatch-
ORciscocatalyst_9300l-48p-4g-aMatch-
ORciscocatalyst_9300l-48p-4g-eMatch-
ORciscocatalyst_9300l-48p-4x-aMatch-
ORciscocatalyst_9300l-48p-4x-eMatch-
ORciscocatalyst_9300l-48t-4g-aMatch-
ORciscocatalyst_9300l-48t-4g-eMatch-
ORciscocatalyst_9300l-48t-4x-aMatch-
ORciscocatalyst_9300l-48t-4x-eMatch-
ORciscocatalyst_9300l_stackMatch-
ORciscocatalyst_9300lmMatch-
ORciscocatalyst_9300xMatch-
ORciscocatalyst_9400Match-
ORciscocatalyst_9407rMatch-
ORciscocatalyst_9410rMatch-
ORciscocatalyst_9500Match-
ORciscocatalyst_9500hMatch-
ORciscocatalyst_9800Match-
ORciscocatalyst_9800-40Match-
ORciscocatalyst_9800-80Match-
ORciscocatalyst_9800-clMatch-
ORciscocatalyst_9800-lMatch-
ORciscocatalyst_9800-l-cMatch-
ORciscocatalyst_9800-l-fMatch-
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco IOS XE Software",
"versions": [
{
"version": "16.12.8",
"status": "affected"
},
{
"version": "16.12.4",
"status": "affected"
},
{
"version": "16.12.4a",
"status": "affected"
},
{
"version": "16.12.5",
"status": "affected"
},
{
"version": "16.12.6",
"status": "affected"
},
{
"version": "16.12.5a",
"status": "affected"
},
{
"version": "16.12.5b",
"status": "affected"
},
{
"version": "16.12.6a",
"status": "affected"
},
{
"version": "16.12.7",
"status": "affected"
},
{
"version": "16.12.9",
"status": "affected"
},
{
"version": "17.2.2",
"status": "affected"
},
{
"version": "17.2.3",
"status": "affected"
},
{
"version": "17.3.1",
"status": "affected"
},
{
"version": "17.3.2",
"status": "affected"
},
{
"version": "17.3.3",
"status": "affected"
},
{
"version": "17.3.1a",
"status": "affected"
},
{
"version": "17.3.1w",
"status": "affected"
},
{
"version": "17.3.2a",
"status": "affected"
},
{
"version": "17.3.1x",
"status": "affected"
},
{
"version": "17.3.1z",
"status": "affected"
},
{
"version": "17.3.4",
"status": "affected"
},
{
"version": "17.3.5",
"status": "affected"
},
{
"version": "17.3.4a",
"status": "affected"
},
{
"version": "17.3.6",
"status": "affected"
},
{
"version": "17.3.4b",
"status": "affected"
},
{
"version": "17.3.4c",
"status": "affected"
},
{
"version": "17.3.5a",
"status": "affected"
},
{
"version": "17.3.5b",
"status": "affected"
},
{
"version": "17.4.1",
"status": "affected"
},
{
"version": "17.4.2",
"status": "affected"
},
{
"version": "17.4.1a",
"status": "affected"
},
{
"version": "17.4.1b",
"status": "affected"
},
{
"version": "17.4.2a",
"status": "affected"
},
{
"version": "17.5.1",
"status": "affected"
},
{
"version": "17.5.1a",
"status": "affected"
},
{
"version": "17.5.1b",
"status": "affected"
},
{
"version": "17.5.1c",
"status": "affected"
},
{
"version": "17.6.1",
"status": "affected"
},
{
"version": "17.6.2",
"status": "affected"
},
{
"version": "17.6.1w",
"status": "affected"
},
{
"version": "17.6.1a",
"status": "affected"
},
{
"version": "17.6.1x",
"status": "affected"
},
{
"version": "17.6.3",
"status": "affected"
},
{
"version": "17.6.1y",
"status": "affected"
},
{
"version": "17.6.1z",
"status": "affected"
},
{
"version": "17.6.3a",
"status": "affected"
},
{
"version": "17.6.4",
"status": "affected"
},
{
"version": "17.6.1z1",
"status": "affected"
},
{
"version": "17.6.5",
"status": "affected"
},
{
"version": "17.6.5a",
"status": "affected"
},
{
"version": "17.7.1",
"status": "affected"
},
{
"version": "17.7.1a",
"status": "affected"
},
{
"version": "17.7.1b",
"status": "affected"
},
{
"version": "17.7.2",
"status": "affected"
},
{
"version": "17.10.1",
"status": "affected"
},
{
"version": "17.10.1a",
"status": "affected"
},
{
"version": "17.10.1b",
"status": "affected"
},
{
"version": "17.8.1",
"status": "affected"
},
{
"version": "17.8.1a",
"status": "affected"
},
{
"version": "17.9.1",
"status": "affected"
},
{
"version": "17.9.1w",
"status": "affected"
},
{
"version": "17.9.2",
"status": "affected"
},
{
"version": "17.9.1a",
"status": "affected"
},
{
"version": "17.9.1x",
"status": "affected"
},
{
"version": "17.9.1y",
"status": "affected"
},
{
"version": "17.9.2a",
"status": "affected"
},
{
"version": "17.9.1x1",
"status": "affected"
}
]
}
]Related
prion
prion
Input validation
2023-09-27 18:15:00
cisco
cisco
Cisco IOS XE Software Web UI Command Injection Vulnerability
2023-09-27 16:00:00
nessus
nessus
nvd
nvd
CVE-2023-20231
2023-09-27 18:15:11
cvelist
cvelist
CVE-2023-20231
2023-09-27 17:19:17
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.8%
Related for CVE-2023-20231