Nov 01, 2023 - 5:15 p.m.

CVE-2023-20256

2023-11-01 17:15:11
CWE-290
web.nvd.nist.gov

CVSS3: 5.8 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

AI Score: 5.8 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 26.8%)

Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected.

Affected configurations

NVD
Node: cisco adaptive_security_appliance_software, match any of these versions:
9.8.4.22, 9.8.4.25, 9.8.4.26, 9.8.4.29, 9.8.4.32, 9.8.4.33, 9.8.4.34, 9.8.4.35, 9.8.4.39, 9.8.4.40, 9.8.4.41, 9.8.4.43, 9.8.4.44, 9.8.4.45, 9.8.4.46, 9.8.4.48
9.12.4.2, 9.12.4.4, 9.12.4.7, 9.12.4.8, 9.12.4.10, 9.12.4.13, 9.12.4.18, 9.12.4.24, 9.12.4.26, 9.12.4.29, 9.12.4.30, 9.12.4.35, 9.12.4.37, 9.12.4.38, 9.12.4.39, 9.12.4.40, 9.12.4.41, 9.12.4.47, 9.12.4.48, 9.12.4.50, 9.12.4.52, 9.12.4.54, 9.12.4.55, 9.12.4.56
9.14.1.10, 9.14.1.15, 9.14.1.19, 9.14.1.30, 9.14.2, 9.14.2.4, 9.14.2.8, 9.14.2.13, 9.14.2.15, 9.14.3, 9.14.3.1, 9.14.3.9, 9.14.3.11, 9.14.3.13, 9.14.3.15, 9.14.3.18, 9.14.4, 9.14.4.6, 9.14.4.7, 9.14.4.12, 9.14.4.13, 9.14.4.14, 9.14.4.15, 9.14.4.17, 9.14.4.22, 9.14.4.23
9.15.1, 9.15.1.1, 9.15.1.7, 9.15.1.10, 9.15.1.15, 9.15.1.16, 9.15.1.17, 9.15.1.21
9.16.1, 9.16.1.28, 9.16.2, 9.16.2.3, 9.16.2.7, 9.16.2.11, 9.16.2.13, 9.16.2.14, 9.16.3, 9.16.3.3, 9.16.3.14, 9.16.3.15, 9.16.3.19, 9.16.3.23, 9.16.4, 9.16.4.9, 9.16.4.14
9.17.1, 9.17.1.7, 9.17.1.9, 9.17.1.10, 9.17.1.11, 9.17.1.13, 9.17.1.15, 9.17.1.20, 9.17.1.30
9.18.1, 9.18.1.3, 9.18.2, 9.18.2.5, 9.18.2.7, 9.18.2.8, 9.18.3
9.19.1, 9.19.1.5

Node: cisco firepower_threat_defense, match any of these versions:
6.2.3.16, 6.2.3.17, 6.2.3.18
6.4.0.10, 6.4.0.11, 6.4.0.12, 6.4.0.13, 6.4.0.14, 6.4.0.15, 6.4.0.16
6.6.1, 6.6.3, 6.6.4, 6.6.5, 6.6.5.1, 6.6.5.2, 6.6.7, 6.6.7.1
6.7.0, 6.7.0.1, 6.7.0.2, 6.7.0.3
7.0.0, 7.0.0.1, 7.0.1, 7.0.1.1, 7.0.2, 7.0.2.1, 7.0.3, 7.0.4, 7.0.5
7.1.0, 7.1.0.1, 7.1.0.2, 7.1.0.3
7.2.0, 7.2.0.1, 7.2.1, 7.2.2, 7.2.3
7.3.0, 7.3.1, 7.3.1.1

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Adaptive Security Appliance (ASA) Software",
    "versions": [
      {
        "version": "9.8.4.25",
        "status": "affected"
      },
      {
        "version": "9.8.4.22",
        "status": "affected"
      },
      {
        "version": "9.8.4.26",
        "status": "affected"
      },
      {
        "version": "9.8.4.29",
        "status": "affected"
      },
      {
        "version": "9.8.4.32",
        "status": "affected"
      },
      {
        "version": "9.8.4.33",
        "status": "affected"
      },
      {
        "version": "9.8.4.34",
        "status": "affected"
      },
      {
        "version": "9.8.4.35",
        "status": "affected"
      },
      {
        "version": "9.8.4.39",
        "status": "affected"
      },
      {
        "version": "9.8.4.40",
        "status": "affected"
      },
      {
        "version": "9.8.4.41",
        "status": "affected"
      },
      {
        "version": "9.8.4.43",
        "status": "affected"
      },
      {
        "version": "9.8.4.44",
        "status": "affected"
      },
      {
        "version": "9.8.4.45",
        "status": "affected"
      },
      {
        "version": "9.8.4.46",
        "status": "affected"
      },
      {
        "version": "9.8.4.48",
        "status": "affected"
      },
      {
        "version": "9.12.4.2",
        "status": "affected"
      },
      {
        "version": "9.12.4.4",
        "status": "affected"
      },
      {
        "version": "9.12.4.7",
        "status": "affected"
      },
      {
        "version": "9.12.4.10",
        "status": "affected"
      },
      {
        "version": "9.12.4.13",
        "status": "affected"
      },
      {
        "version": "9.12.4.8",
        "status": "affected"
      },
      {
        "version": "9.12.4.18",
        "status": "affected"
      },
      {
        "version": "9.12.4.24",
        "status": "affected"
      },
      {
        "version": "9.12.4.26",
        "status": "affected"
      },
      {
        "version": "9.12.4.29",
        "status": "affected"
      },
      {
        "version": "9.12.4.30",
        "status": "affected"
      },
      {
        "version": "9.12.4.35",
        "status": "affected"
      },
      {
        "version": "9.12.4.37",
        "status": "affected"
      },
      {
        "version": "9.12.4.38",
        "status": "affected"
      },
      {
        "version": "9.12.4.39",
        "status": "affected"
      },
      {
        "version": "9.12.4.40",
        "status": "affected"
      },
      {
        "version": "9.12.4.41",
        "status": "affected"
      },
      {
        "version": "9.12.4.47",
        "status": "affected"
      },
      {
        "version": "9.12.4.48",
        "status": "affected"
      },
      {
        "version": "9.12.4.50",
        "status": "affected"
      },
      {
        "version": "9.12.4.52",
        "status": "affected"
      },
      {
        "version": "9.12.4.54",
        "status": "affected"
      },
      {
        "version": "9.12.4.55",
        "status": "affected"
      },
      {
        "version": "9.12.4.56",
        "status": "affected"
      },
      {
        "version": "9.14.1.10",
        "status": "affected"
      },
      {
        "version": "9.14.1.15",
        "status": "affected"
      },
      {
        "version": "9.14.1.19",
        "status": "affected"
      },
      {
        "version": "9.14.1.30",
        "status": "affected"
      },
      {
        "version": "9.14.2",
        "status": "affected"
      },
      {
        "version": "9.14.2.4",
        "status": "affected"
      },
      {
        "version": "9.14.2.8",
        "status": "affected"
      },
      {
        "version": "9.14.2.13",
        "status": "affected"
      },
      {
        "version": "9.14.2.15",
        "status": "affected"
      },
      {
        "version": "9.14.3",
        "status": "affected"
      },
      {
        "version": "9.14.3.1",
        "status": "affected"
      },
      {
        "version": "9.14.3.9",
        "status": "affected"
      },
      {
        "version": "9.14.3.11",
        "status": "affected"
      },
      {
        "version": "9.14.3.13",
        "status": "affected"
      },
      {
        "version": "9.14.3.18",
        "status": "affected"
      },
      {
        "version": "9.14.3.15",
        "status": "affected"
      },
      {
        "version": "9.14.4",
        "status": "affected"
      },
      {
        "version": "9.14.4.6",
        "status": "affected"
      },
      {
        "version": "9.14.4.7",
        "status": "affected"
      },
      {
        "version": "9.14.4.12",
        "status": "affected"
      },
      {
        "version": "9.14.4.13",
        "status": "affected"
      },
      {
        "version": "9.14.4.14",
        "status": "affected"
      },
      {
        "version": "9.14.4.15",
        "status": "affected"
      },
      {
        "version": "9.14.4.17",
        "status": "affected"
      },
      {
        "version": "9.14.4.22",
        "status": "affected"
      },
      {
        "version": "9.14.4.23",
        "status": "affected"
      },
      {
        "version": "9.15.1",
        "status": "affected"
      },
      {
        "version": "9.15.1.7",
        "status": "affected"
      },
      {
        "version": "9.15.1.10",
        "status": "affected"
      },
      {
        "version": "9.15.1.15",
        "status": "affected"
      },
      {
        "version": "9.15.1.16",
        "status": "affected"
      },
      {
        "version": "9.15.1.17",
        "status": "affected"
      },
      {
        "version": "9.15.1.1",
        "status": "affected"
      },
      {
        "version": "9.15.1.21",
        "status": "affected"
      },
      {
        "version": "9.16.1",
        "status": "affected"
      },
      {
        "version": "9.16.1.28",
        "status": "affected"
      },
      {
        "version": "9.16.2",
        "status": "affected"
      },
      {
        "version": "9.16.2.3",
        "status": "affected"
      },
      {
        "version": "9.16.2.7",
        "status": "affected"
      },
      {
        "version": "9.16.2.11",
        "status": "affected"
      },
      {
        "version": "9.16.2.13",
        "status": "affected"
      },
      {
        "version": "9.16.2.14",
        "status": "affected"
      },
      {
        "version": "9.16.3",
        "status": "affected"
      },
      {
        "version": "9.16.3.3",
        "status": "affected"
      },
      {
        "version": "9.16.3.14",
        "status": "affected"
      },
      {
        "version": "9.16.3.15",
        "status": "affected"
      },
      {
        "version": "9.16.3.19",
        "status": "affected"
      },
      {
        "version": "9.16.3.23",
        "status": "affected"
      },
      {
        "version": "9.16.4",
        "status": "affected"
      },
      {
        "version": "9.16.4.9",
        "status": "affected"
      },
      {
        "version": "9.16.4.14",
        "status": "affected"
      },
      {
        "version": "9.17.1",
        "status": "affected"
      },
      {
        "version": "9.17.1.7",
        "status": "affected"
      },
      {
        "version": "9.17.1.9",
        "status": "affected"
      },
      {
        "version": "9.17.1.10",
        "status": "affected"
      },
      {
        "version": "9.17.1.11",
        "status": "affected"
      },
      {
        "version": "9.17.1.13",
        "status": "affected"
      },
      {
        "version": "9.17.1.15",
        "status": "affected"
      },
      {
        "version": "9.17.1.20",
        "status": "affected"
      },
      {
        "version": "9.17.1.30",
        "status": "affected"
      },
      {
        "version": "9.18.1",
        "status": "affected"
      },
      {
        "version": "9.18.1.3",
        "status": "affected"
      },
      {
        "version": "9.18.2",
        "status": "affected"
      },
      {
        "version": "9.18.2.5",
        "status": "affected"
      },
      {
        "version": "9.18.2.7",
        "status": "affected"
      },
      {
        "version": "9.18.2.8",
        "status": "affected"
      },
      {
        "version": "9.18.3",
        "status": "affected"
      },
      {
        "version": "9.19.1",
        "status": "affected"
      },
      {
        "version": "9.19.1.5",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Threat Defense Software",
    "versions": [
      {
        "version": "6.2.3.16",
        "status": "affected"
      },
      {
        "version": "6.2.3.17",
        "status": "affected"
      },
      {
        "version": "6.2.3.18",
        "status": "affected"
      },
      {
        "version": "6.6.1",
        "status": "affected"
      },
      {
        "version": "6.6.3",
        "status": "affected"
      },
      {
        "version": "6.6.4",
        "status": "affected"
      },
      {
        "version": "6.6.5",
        "status": "affected"
      },
      {
        "version": "6.6.5.1",
        "status": "affected"
      },
      {
        "version": "6.6.5.2",
        "status": "affected"
      },
      {
        "version": "6.6.7",
        "status": "affected"
      },
      {
        "version": "6.6.7.1",
        "status": "affected"
      },
      {
        "version": "6.4.0.10",
        "status": "affected"
      },
      {
        "version": "6.4.0.11",
        "status": "affected"
      },
      {
        "version": "6.4.0.12",
        "status": "affected"
      },
      {
        "version": "6.4.0.13",
        "status": "affected"
      },
      {
        "version": "6.4.0.14",
        "status": "affected"
      },
      {
        "version": "6.4.0.15",
        "status": "affected"
      },
      {
        "version": "6.4.0.16",
        "status": "affected"
      },
      {
        "version": "6.7.0",
        "status": "affected"
      },
      {
        "version": "6.7.0.1",
        "status": "affected"
      },
      {
        "version": "6.7.0.2",
        "status": "affected"
      },
      {
        "version": "6.7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.0",
        "status": "affected"
      },
      {
        "version": "7.0.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1.1",
        "status": "affected"
      },
      {
        "version": "7.0.2",
        "status": "affected"
      },
      {
        "version": "7.0.2.1",
        "status": "affected"
      },
      {
        "version": "7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.4",
        "status": "affected"
      },
      {
        "version": "7.0.5",
        "status": "affected"
      },
      {
        "version": "7.1.0",
        "status": "affected"
      },
      {
        "version": "7.1.0.1",
        "status": "affected"
      },
      {
        "version": "7.1.0.2",
        "status": "affected"
      },
      {
        "version": "7.1.0.3",
        "status": "affected"
      },
      {
        "version": "7.2.0",
        "status": "affected"
      },
      {
        "version": "7.2.0.1",
        "status": "affected"
      },
      {
        "version": "7.2.1",
        "status": "affected"
      },
      {
        "version": "7.2.2",
        "status": "affected"
      },
      {
        "version": "7.2.3",
        "status": "affected"
      },
      {
        "version": "7.3.0",
        "status": "affected"
      },
      {
        "version": "7.3.1",
        "status": "affected"
      },
      {
        "version": "7.3.1.1",
        "status": "affected"
      }
    ]
  }
]
