Lucene search
HistoryNov 01, 2023 - 5:15 p.m.
CVE-2023-20256
cve
2023
20256
cisco
asa
ftd
per-user-override
acl
bypass
vulnerability
nvd
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.9%
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected.
Affected configurations
Node
ciscoadaptive_security_appliance_softwareMatch9.8.4.22
ORciscoadaptive_security_appliance_softwareMatch9.8.4.25
ORciscoadaptive_security_appliance_softwareMatch9.8.4.26
ORciscoadaptive_security_appliance_softwareMatch9.8.4.29
ORciscoadaptive_security_appliance_softwareMatch9.8.4.32
ORciscoadaptive_security_appliance_softwareMatch9.8.4.33
ORciscoadaptive_security_appliance_softwareMatch9.8.4.34
ORciscoadaptive_security_appliance_softwareMatch9.8.4.35
ORciscoadaptive_security_appliance_softwareMatch9.8.4.39
ORciscoadaptive_security_appliance_softwareMatch9.8.4.40
ORciscoadaptive_security_appliance_softwareMatch9.8.4.41
ORciscoadaptive_security_appliance_softwareMatch9.8.4.43
ORciscoadaptive_security_appliance_softwareMatch9.8.4.44
ORciscoadaptive_security_appliance_softwareMatch9.8.4.45
ORciscoadaptive_security_appliance_softwareMatch9.8.4.46
ORciscoadaptive_security_appliance_softwareMatch9.8.4.48
ORciscoadaptive_security_appliance_softwareMatch9.12.4.2
ORciscoadaptive_security_appliance_softwareMatch9.12.4.4
ORciscoadaptive_security_appliance_softwareMatch9.12.4.7
ORciscoadaptive_security_appliance_softwareMatch9.12.4.8
ORciscoadaptive_security_appliance_softwareMatch9.12.4.10
ORciscoadaptive_security_appliance_softwareMatch9.12.4.13
ORciscoadaptive_security_appliance_softwareMatch9.12.4.18
ORciscoadaptive_security_appliance_softwareMatch9.12.4.24
ORciscoadaptive_security_appliance_softwareMatch9.12.4.26
ORciscoadaptive_security_appliance_softwareMatch9.12.4.29
ORciscoadaptive_security_appliance_softwareMatch9.12.4.30
ORciscoadaptive_security_appliance_softwareMatch9.12.4.35
ORciscoadaptive_security_appliance_softwareMatch9.12.4.37
ORciscoadaptive_security_appliance_softwareMatch9.12.4.38
ORciscoadaptive_security_appliance_softwareMatch9.12.4.39
ORciscoadaptive_security_appliance_softwareMatch9.12.4.40
ORciscoadaptive_security_appliance_softwareMatch9.12.4.41
ORciscoadaptive_security_appliance_softwareMatch9.12.4.47
ORciscoadaptive_security_appliance_softwareMatch9.12.4.48
ORciscoadaptive_security_appliance_softwareMatch9.12.4.50
ORciscoadaptive_security_appliance_softwareMatch9.12.4.52
ORciscoadaptive_security_appliance_softwareMatch9.12.4.54
ORciscoadaptive_security_appliance_softwareMatch9.12.4.55
ORciscoadaptive_security_appliance_softwareMatch9.12.4.56
ORciscoadaptive_security_appliance_softwareMatch9.14.1.10
ORciscoadaptive_security_appliance_softwareMatch9.14.1.15
ORciscoadaptive_security_appliance_softwareMatch9.14.1.19
ORciscoadaptive_security_appliance_softwareMatch9.14.1.30
ORciscoadaptive_security_appliance_softwareMatch9.14.2
ORciscoadaptive_security_appliance_softwareMatch9.14.2.4
ORciscoadaptive_security_appliance_softwareMatch9.14.2.8
ORciscoadaptive_security_appliance_softwareMatch9.14.2.13
ORciscoadaptive_security_appliance_softwareMatch9.14.2.15
ORciscoadaptive_security_appliance_softwareMatch9.14.3
ORciscoadaptive_security_appliance_softwareMatch9.14.3.1
ORciscoadaptive_security_appliance_softwareMatch9.14.3.9
ORciscoadaptive_security_appliance_softwareMatch9.14.3.11
ORciscoadaptive_security_appliance_softwareMatch9.14.3.13
ORciscoadaptive_security_appliance_softwareMatch9.14.3.15
ORciscoadaptive_security_appliance_softwareMatch9.14.3.18
ORciscoadaptive_security_appliance_softwareMatch9.14.4
ORciscoadaptive_security_appliance_softwareMatch9.14.4.6
ORciscoadaptive_security_appliance_softwareMatch9.14.4.7
ORciscoadaptive_security_appliance_softwareMatch9.14.4.12
ORciscoadaptive_security_appliance_softwareMatch9.14.4.13
ORciscoadaptive_security_appliance_softwareMatch9.14.4.14
ORciscoadaptive_security_appliance_softwareMatch9.14.4.15
ORciscoadaptive_security_appliance_softwareMatch9.14.4.17
ORciscoadaptive_security_appliance_softwareMatch9.14.4.22
ORciscoadaptive_security_appliance_softwareMatch9.14.4.23
ORciscoadaptive_security_appliance_softwareMatch9.15.1
ORciscoadaptive_security_appliance_softwareMatch9.15.1.1
ORciscoadaptive_security_appliance_softwareMatch9.15.1.7
ORciscoadaptive_security_appliance_softwareMatch9.15.1.10
ORciscoadaptive_security_appliance_softwareMatch9.15.1.15
ORciscoadaptive_security_appliance_softwareMatch9.15.1.16
ORciscoadaptive_security_appliance_softwareMatch9.15.1.17
ORciscoadaptive_security_appliance_softwareMatch9.15.1.21
ORciscoadaptive_security_appliance_softwareMatch9.16.1
ORciscoadaptive_security_appliance_softwareMatch9.16.1.28
ORciscoadaptive_security_appliance_softwareMatch9.16.2
ORciscoadaptive_security_appliance_softwareMatch9.16.2.3
ORciscoadaptive_security_appliance_softwareMatch9.16.2.7
ORciscoadaptive_security_appliance_softwareMatch9.16.2.11
ORciscoadaptive_security_appliance_softwareMatch9.16.2.13
ORciscoadaptive_security_appliance_softwareMatch9.16.2.14
ORciscoadaptive_security_appliance_softwareMatch9.16.3
ORciscoadaptive_security_appliance_softwareMatch9.16.3.3
ORciscoadaptive_security_appliance_softwareMatch9.16.3.14
ORciscoadaptive_security_appliance_softwareMatch9.16.3.15
ORciscoadaptive_security_appliance_softwareMatch9.16.3.19
ORciscoadaptive_security_appliance_softwareMatch9.16.3.23
ORciscoadaptive_security_appliance_softwareMatch9.16.4
ORciscoadaptive_security_appliance_softwareMatch9.16.4.9
ORciscoadaptive_security_appliance_softwareMatch9.16.4.14
ORciscoadaptive_security_appliance_softwareMatch9.17.1
ORciscoadaptive_security_appliance_softwareMatch9.17.1.7
ORciscoadaptive_security_appliance_softwareMatch9.17.1.9
ORciscoadaptive_security_appliance_softwareMatch9.17.1.10
ORciscoadaptive_security_appliance_softwareMatch9.17.1.11
ORciscoadaptive_security_appliance_softwareMatch9.17.1.13
ORciscoadaptive_security_appliance_softwareMatch9.17.1.15
ORciscoadaptive_security_appliance_softwareMatch9.17.1.20
ORciscoadaptive_security_appliance_softwareMatch9.17.1.30
ORciscoadaptive_security_appliance_softwareMatch9.18.1
ORciscoadaptive_security_appliance_softwareMatch9.18.1.3
ORciscoadaptive_security_appliance_softwareMatch9.18.2
ORciscoadaptive_security_appliance_softwareMatch9.18.2.5
ORciscoadaptive_security_appliance_softwareMatch9.18.2.7
ORciscoadaptive_security_appliance_softwareMatch9.18.2.8
ORciscoadaptive_security_appliance_softwareMatch9.18.3
ORciscoadaptive_security_appliance_softwareMatch9.19.1
ORciscoadaptive_security_appliance_softwareMatch9.19.1.5
Node
ciscofirepower_threat_defenseMatch6.2.3.16
ORciscofirepower_threat_defenseMatch6.2.3.17
ORciscofirepower_threat_defenseMatch6.2.3.18
ORciscofirepower_threat_defenseMatch6.4.0.10
ORciscofirepower_threat_defenseMatch6.4.0.11
ORciscofirepower_threat_defenseMatch6.4.0.12
ORciscofirepower_threat_defenseMatch6.4.0.13
ORciscofirepower_threat_defenseMatch6.4.0.14
ORciscofirepower_threat_defenseMatch6.4.0.15
ORciscofirepower_threat_defenseMatch6.4.0.16
ORciscofirepower_threat_defenseMatch6.6.1
ORciscofirepower_threat_defenseMatch6.6.3
ORciscofirepower_threat_defenseMatch6.6.4
ORciscofirepower_threat_defenseMatch6.6.5
ORciscofirepower_threat_defenseMatch6.6.5.1
ORciscofirepower_threat_defenseMatch6.6.5.2
ORciscofirepower_threat_defenseMatch6.6.7
ORciscofirepower_threat_defenseMatch6.6.7.1
ORciscofirepower_threat_defenseMatch6.7.0
ORciscofirepower_threat_defenseMatch6.7.0.1
ORciscofirepower_threat_defenseMatch6.7.0.2
ORciscofirepower_threat_defenseMatch6.7.0.3
ORciscofirepower_threat_defenseMatch7.0.0
ORciscofirepower_threat_defenseMatch7.0.0.1
ORciscofirepower_threat_defenseMatch7.0.1
ORciscofirepower_threat_defenseMatch7.0.1.1
ORciscofirepower_threat_defenseMatch7.0.2
ORciscofirepower_threat_defenseMatch7.0.2.1
ORciscofirepower_threat_defenseMatch7.0.3
ORciscofirepower_threat_defenseMatch7.0.4
ORciscofirepower_threat_defenseMatch7.0.5
ORciscofirepower_threat_defenseMatch7.1.0
ORciscofirepower_threat_defenseMatch7.1.0.1
ORciscofirepower_threat_defenseMatch7.1.0.2
ORciscofirepower_threat_defenseMatch7.1.0.3
ORciscofirepower_threat_defenseMatch7.2.0
ORciscofirepower_threat_defenseMatch7.2.0.1
ORciscofirepower_threat_defenseMatch7.2.1
ORciscofirepower_threat_defenseMatch7.2.2
ORciscofirepower_threat_defenseMatch7.2.3
ORciscofirepower_threat_defenseMatch7.3.0
ORciscofirepower_threat_defenseMatch7.3.1
ORciscofirepower_threat_defenseMatch7.3.1.1
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"versions": [
{
"version": "9.8.4.25",
"status": "affected"
},
{
"version": "9.8.4.22",
"status": "affected"
},
{
"version": "9.8.4.26",
"status": "affected"
},
{
"version": "9.8.4.29",
"status": "affected"
},
{
"version": "9.8.4.32",
"status": "affected"
},
{
"version": "9.8.4.33",
"status": "affected"
},
{
"version": "9.8.4.34",
"status": "affected"
},
{
"version": "9.8.4.35",
"status": "affected"
},
{
"version": "9.8.4.39",
"status": "affected"
},
{
"version": "9.8.4.40",
"status": "affected"
},
{
"version": "9.8.4.41",
"status": "affected"
},
{
"version": "9.8.4.43",
"status": "affected"
},
{
"version": "9.8.4.44",
"status": "affected"
},
{
"version": "9.8.4.45",
"status": "affected"
},
{
"version": "9.8.4.46",
"status": "affected"
},
{
"version": "9.8.4.48",
"status": "affected"
},
{
"version": "9.12.4.2",
"status": "affected"
},
{
"version": "9.12.4.4",
"status": "affected"
},
{
"version": "9.12.4.7",
"status": "affected"
},
{
"version": "9.12.4.10",
"status": "affected"
},
{
"version": "9.12.4.13",
"status": "affected"
},
{
"version": "9.12.4.8",
"status": "affected"
},
{
"version": "9.12.4.18",
"status": "affected"
},
{
"version": "9.12.4.24",
"status": "affected"
},
{
"version": "9.12.4.26",
"status": "affected"
},
{
"version": "9.12.4.29",
"status": "affected"
},
{
"version": "9.12.4.30",
"status": "affected"
},
{
"version": "9.12.4.35",
"status": "affected"
},
{
"version": "9.12.4.37",
"status": "affected"
},
{
"version": "9.12.4.38",
"status": "affected"
},
{
"version": "9.12.4.39",
"status": "affected"
},
{
"version": "9.12.4.40",
"status": "affected"
},
{
"version": "9.12.4.41",
"status": "affected"
},
{
"version": "9.12.4.47",
"status": "affected"
},
{
"version": "9.12.4.48",
"status": "affected"
},
{
"version": "9.12.4.50",
"status": "affected"
},
{
"version": "9.12.4.52",
"status": "affected"
},
{
"version": "9.12.4.54",
"status": "affected"
},
{
"version": "9.12.4.55",
"status": "affected"
},
{
"version": "9.12.4.56",
"status": "affected"
},
{
"version": "9.14.1.10",
"status": "affected"
},
{
"version": "9.14.1.15",
"status": "affected"
},
{
"version": "9.14.1.19",
"status": "affected"
},
{
"version": "9.14.1.30",
"status": "affected"
},
{
"version": "9.14.2",
"status": "affected"
},
{
"version": "9.14.2.4",
"status": "affected"
},
{
"version": "9.14.2.8",
"status": "affected"
},
{
"version": "9.14.2.13",
"status": "affected"
},
{
"version": "9.14.2.15",
"status": "affected"
},
{
"version": "9.14.3",
"status": "affected"
},
{
"version": "9.14.3.1",
"status": "affected"
},
{
"version": "9.14.3.9",
"status": "affected"
},
{
"version": "9.14.3.11",
"status": "affected"
},
{
"version": "9.14.3.13",
"status": "affected"
},
{
"version": "9.14.3.18",
"status": "affected"
},
{
"version": "9.14.3.15",
"status": "affected"
},
{
"version": "9.14.4",
"status": "affected"
},
{
"version": "9.14.4.6",
"status": "affected"
},
{
"version": "9.14.4.7",
"status": "affected"
},
{
"version": "9.14.4.12",
"status": "affected"
},
{
"version": "9.14.4.13",
"status": "affected"
},
{
"version": "9.14.4.14",
"status": "affected"
},
{
"version": "9.14.4.15",
"status": "affected"
},
{
"version": "9.14.4.17",
"status": "affected"
},
{
"version": "9.14.4.22",
"status": "affected"
},
{
"version": "9.14.4.23",
"status": "affected"
},
{
"version": "9.15.1",
"status": "affected"
},
{
"version": "9.15.1.7",
"status": "affected"
},
{
"version": "9.15.1.10",
"status": "affected"
},
{
"version": "9.15.1.15",
"status": "affected"
},
{
"version": "9.15.1.16",
"status": "affected"
},
{
"version": "9.15.1.17",
"status": "affected"
},
{
"version": "9.15.1.1",
"status": "affected"
},
{
"version": "9.15.1.21",
"status": "affected"
},
{
"version": "9.16.1",
"status": "affected"
},
{
"version": "9.16.1.28",
"status": "affected"
},
{
"version": "9.16.2",
"status": "affected"
},
{
"version": "9.16.2.3",
"status": "affected"
},
{
"version": "9.16.2.7",
"status": "affected"
},
{
"version": "9.16.2.11",
"status": "affected"
},
{
"version": "9.16.2.13",
"status": "affected"
},
{
"version": "9.16.2.14",
"status": "affected"
},
{
"version": "9.16.3",
"status": "affected"
},
{
"version": "9.16.3.3",
"status": "affected"
},
{
"version": "9.16.3.14",
"status": "affected"
},
{
"version": "9.16.3.15",
"status": "affected"
},
{
"version": "9.16.3.19",
"status": "affected"
},
{
"version": "9.16.3.23",
"status": "affected"
},
{
"version": "9.16.4",
"status": "affected"
},
{
"version": "9.16.4.9",
"status": "affected"
},
{
"version": "9.16.4.14",
"status": "affected"
},
{
"version": "9.17.1",
"status": "affected"
},
{
"version": "9.17.1.7",
"status": "affected"
},
{
"version": "9.17.1.9",
"status": "affected"
},
{
"version": "9.17.1.10",
"status": "affected"
},
{
"version": "9.17.1.11",
"status": "affected"
},
{
"version": "9.17.1.13",
"status": "affected"
},
{
"version": "9.17.1.15",
"status": "affected"
},
{
"version": "9.17.1.20",
"status": "affected"
},
{
"version": "9.17.1.30",
"status": "affected"
},
{
"version": "9.18.1",
"status": "affected"
},
{
"version": "9.18.1.3",
"status": "affected"
},
{
"version": "9.18.2",
"status": "affected"
},
{
"version": "9.18.2.5",
"status": "affected"
},
{
"version": "9.18.2.7",
"status": "affected"
},
{
"version": "9.18.2.8",
"status": "affected"
},
{
"version": "9.18.3",
"status": "affected"
},
{
"version": "9.19.1",
"status": "affected"
},
{
"version": "9.19.1.5",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco Firepower Threat Defense Software",
"versions": [
{
"version": "6.2.3.16",
"status": "affected"
},
{
"version": "6.2.3.17",
"status": "affected"
},
{
"version": "6.2.3.18",
"status": "affected"
},
{
"version": "6.6.1",
"status": "affected"
},
{
"version": "6.6.3",
"status": "affected"
},
{
"version": "6.6.4",
"status": "affected"
},
{
"version": "6.6.5",
"status": "affected"
},
{
"version": "6.6.5.1",
"status": "affected"
},
{
"version": "6.6.5.2",
"status": "affected"
},
{
"version": "6.6.7",
"status": "affected"
},
{
"version": "6.6.7.1",
"status": "affected"
},
{
"version": "6.4.0.10",
"status": "affected"
},
{
"version": "6.4.0.11",
"status": "affected"
},
{
"version": "6.4.0.12",
"status": "affected"
},
{
"version": "6.4.0.13",
"status": "affected"
},
{
"version": "6.4.0.14",
"status": "affected"
},
{
"version": "6.4.0.15",
"status": "affected"
},
{
"version": "6.4.0.16",
"status": "affected"
},
{
"version": "6.7.0",
"status": "affected"
},
{
"version": "6.7.0.1",
"status": "affected"
},
{
"version": "6.7.0.2",
"status": "affected"
},
{
"version": "6.7.0.3",
"status": "affected"
},
{
"version": "7.0.0",
"status": "affected"
},
{
"version": "7.0.0.1",
"status": "affected"
},
{
"version": "7.0.1",
"status": "affected"
},
{
"version": "7.0.1.1",
"status": "affected"
},
{
"version": "7.0.2",
"status": "affected"
},
{
"version": "7.0.2.1",
"status": "affected"
},
{
"version": "7.0.3",
"status": "affected"
},
{
"version": "7.0.4",
"status": "affected"
},
{
"version": "7.0.5",
"status": "affected"
},
{
"version": "7.1.0",
"status": "affected"
},
{
"version": "7.1.0.1",
"status": "affected"
},
{
"version": "7.1.0.2",
"status": "affected"
},
{
"version": "7.1.0.3",
"status": "affected"
},
{
"version": "7.2.0",
"status": "affected"
},
{
"version": "7.2.0.1",
"status": "affected"
},
{
"version": "7.2.1",
"status": "affected"
},
{
"version": "7.2.2",
"status": "affected"
},
{
"version": "7.2.3",
"status": "affected"
},
{
"version": "7.3.0",
"status": "affected"
},
{
"version": "7.3.1",
"status": "affected"
},
{
"version": "7.3.1.1",
"status": "affected"
}
]
}
]Related
nvd
nvd
CVE-2023-20256
2023-11-01 17:15:11
prion
prion
Improper access control
2023-11-01 17:15:00
cvelist
cvelist
CVE-2023-20256
2023-11-01 16:54:53
5.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
26.9%
Related for CVE-2023-20256