CVE-2023-20214

🗓️ 03 Aug 2023 21:24:57Reported by ciscoType

Cisco SD-WAN vManage REST API vulnerability allows unauthenticated remote attacker to gain read/write permissions to configuratio

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the application software interface of the Cisco Catalyst SD-WAN Manager allows a attacker to disclose sensitive information or alter the configuration of the Cisco Catalyst SD-WAN Manager instances.	17 Jul 202300:00	–	bdu_fstec
Cisco	Cisco SD-WAN vManage Unauthenticated REST API Access Vulnerability	12 Jul 202316:00	–	cisco
Tenable Nessus	Cisco SD-WAN vManage Unauthenticated REST API Access (cisco-sa-vmanage-unauthapi-sphCLYPA)	12 Jul 202300:00	–	nessus
CNNVD	Cisco SD-WAN vManage 授权问题漏洞	13 Jul 202300:00	–	cnnvd
CNVD	Cisco SD-WAN vManage Input Validation Error Vulnerability (CNVD-2023-62933)	17 Jul 202300:00	–	cnvd
CVE	CVE-2023-20214	3 Aug 202321:24	–	cve
EUVD	EUVD-2023-24393	3 Oct 202520:07	–	euvd
NVD	CVE-2023-20214	3 Aug 202322:15	–	nvd
OSV	CVE-2023-20214	3 Aug 202322:15	–	osv
Prion	Input validation	3 Aug 202322:15	–	prion

[
  {
    "vendor": "Cisco",
    "product": "Cisco SD-WAN vManage",
    "versions": [
      {
        "version": "20.6.4",
        "status": "affected"
      },
      {
        "version": "20.6.5",
        "status": "affected"
      },
      {
        "version": "20.6.5.1",
        "status": "affected"
      },
      {
        "version": "20.6.4.1",
        "status": "affected"
      },
      {
        "version": "20.6.5.2",
        "status": "affected"
      },
      {
        "version": "20.6.5.4",
        "status": "affected"
      },
      {
        "version": "20.6.3.3",
        "status": "affected"
      },
      {
        "version": "20.6.4.0.21",
        "status": "affected"
      },
      {
        "version": "20.6.5.1.10",
        "status": "affected"
      },
      {
        "version": "20.6.5.1.11",
        "status": "affected"
      },
      {
        "version": "20.6.5.1.7",
        "status": "affected"
      },
      {
        "version": "20.6.5.1.9",
        "status": "affected"
      },
      {
        "version": "20.6.5.2.4",
        "status": "affected"
      },
      {
        "version": "20.6.5.2.8",
        "status": "affected"
      },
      {
        "version": "20.6.5.1.13",
        "status": "affected"
      },
      {
        "version": "20.7.1",
        "status": "affected"
      },
      {
        "version": "20.7.1.1",
        "status": "affected"
      },
      {
        "version": "20.7.2",
        "status": "affected"
      },
      {
        "version": "20.8.1",
        "status": "affected"
      },
      {
        "version": "20.9.1",
        "status": "affected"
      },
      {
        "version": "20.9.2",
        "status": "affected"
      },
      {
        "version": "20.9.2.1",
        "status": "affected"
      },
      {
        "version": "20.9.3",
        "status": "affected"
      },
      {
        "version": "20.9.3.1",
        "status": "affected"
      },
      {
        "version": "20.9.2.3",
        "status": "affected"
      },
      {
        "version": "20.9.3.0.12",
        "status": "affected"
      },
      {
        "version": "20.9.3.0.16",
        "status": "affected"
      },
      {
        "version": "20.9.3.0.17",
        "status": "affected"
      },
      {
        "version": "20.9.3.0.18",
        "status": "affected"
      },
      {
        "version": "20.9.3.0.20",
        "status": "affected"
      },
      {
        "version": "20.9.3.0.21",
        "status": "affected"
      },
      {
        "version": "20.9.3.0.23",
        "status": "affected"
      },
      {
        "version": "20.10.1",
        "status": "affected"
      },
      {
        "version": "20.10.1.1",
        "status": "affected"
      },
      {
        "version": "20.11.1",
        "status": "affected"
      },
      {
        "version": "20.11.1.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-unauthapi-sphCLYPA

25 Jan 2024 16:58Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19.1

EPSS0.00731