Lucene search

[email protected]NVD:CVE-2023-20035

HistoryMar 23, 2023 - 5:15 p.m.

CVE-2023-20035

2023-03-2317:15:14

CWE-146

[email protected]

web.nvd.nist.gov

cisco

ios xe

sd-wan

vulnerability

local attacker

arbitrary commands

elevated privileges

input validation

system cli

operating system

complete control

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.

Affected configurations

Nvd

Node

ciscoios_xe_sd-wanMatch-

AND

ciscocatalyst_8000v_edgeMatch-

cisco1100-4g\/6g_integrated_services_routerMatch-

cisco1100-4p_integrated_services_routerMatch-

cisco1100-8p_integrated_services_routerMatch-

cisco1100_integrated_services_routerMatch-

cisco1101-4p_integrated_services_routerMatch-

cisco1101_integrated_services_routerMatch-

cisco1109-2p_integrated_services_routerMatch-

cisco1109-4p_integrated_services_routerMatch-

cisco1109_integrated_services_routerMatch-

cisco1120_integrated_services_routerMatch-

cisco1131_integrated_services_routerMatch-

cisco1160_integrated_services_routerMatch-

cisco4221_integrated_services_routerMatch-

cisco4321_integrated_services_routerMatch-

cisco4331_integrated_services_routerMatch-

cisco4351_integrated_services_routerMatch-

cisco4431_integrated_services_routerMatch-

cisco4451-x_integrated_services_routerMatch-

cisco4451_integrated_services_routerMatch-

cisco4461_integrated_services_routerMatch-

ciscoasr_1001-xMatch-

ciscoasr_1002-hxMatch-

ciscoasr_1006-xMatch-

ciscoasr_1009-xMatch-

ciscocatalyst_8200Match-

ciscocatalyst_8300Match-

ciscocatalyst_8300-1n1s-4t2xMatch-

ciscocatalyst_8300-1n1s-6tMatch-

ciscocatalyst_8300-2n2s-4t2xMatch-

ciscocatalyst_8300-2n2s-6tMatch-

ciscocatalyst_8500Match-

ciscocatalyst_8500-4qcMatch-

ciscocatalyst_8500lMatch-

ciscocatalyst_8510csrMatch-

ciscocatalyst_8510msrMatch-

ciscocatalyst_8540csrMatch-

ciscocatalyst_8540msrMatch-

ciscocsr_1000vMatch-

VendorProductVersionCPE
ciscoios_xe_sd-wan-cpe:2.3:o:cisco:ios_xe_sd-wan:-:*:*:*:*:*:*:*
ciscocatalyst_8000v_edge-cpe:2.3:a:cisco:catalyst_8000v_edge:-:*:*:*:*:*:*:*
cisco1100-4g\/6g_integrated_services_router-cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-4p_integrated_services_router-cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100-8p_integrated_services_router-cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cisco1100_integrated_services_router-cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cisco1101-4p_integrated_services_router-cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*
cisco1101_integrated_services_router-cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*
cisco1109-2p_integrated_services_router-cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*
cisco1109-4p_integrated_services_router-cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ios_xe_sd-wan	-	cpe:2.3:o:cisco:ios_xe_sd-wan:-:::::::*
cisco	catalyst_8000v_edge	-	cpe:2.3:a:cisco:catalyst_8000v_edge:-:::::::*
cisco	1100-4g\/6g_integrated_services_router	-	cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:::::::*
cisco	1100-4p_integrated_services_router	-	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
cisco	1100-8p_integrated_services_router	-	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
cisco	1100_integrated_services_router	-	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
cisco	1101-4p_integrated_services_router	-	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*
cisco	1101_integrated_services_router	-	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
cisco	1109-2p_integrated_services_router	-	cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::*
cisco	1109-4p_integrated_services_router	-	cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::*