gsd-2023-20231
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.
Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-20231", "id": "GSD-2023-20231" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-20231" ], "details": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.\r\n\r Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.", "id": "GSD-2023-20231", "modified": "2023-12-13T01:20:27.939569Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2023-20231", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IOS XE Software", "version": { "version_data": [ { "version_affected": "=", "version_value": "16.12.8" }, { "version_affected": "=", "version_value": "16.12.4" }, { "version_affected": "=", "version_value": "16.12.4a" }, { "version_affected": "=", "version_value": "16.12.5" }, { "version_affected": "=", "version_value": "16.12.6" }, { "version_affected": "=", "version_value": "16.12.5a" }, { "version_affected": "=", "version_value": "16.12.5b" }, { "version_affected": "=", "version_value": "16.12.6a" }, { "version_affected": "=", "version_value": "16.12.7" }, { "version_affected": "=", "version_value": "16.12.9" }, { "version_affected": "=", "version_value": "17.2.2" }, { "version_affected": "=", "version_value": "17.2.3" }, { "version_affected": "=", "version_value": "17.3.1" }, { "version_affected": "=", "version_value": "17.3.2" }, { "version_affected": "=", "version_value": "17.3.3" }, { "version_affected": "=", "version_value": "17.3.1a" }, { "version_affected": "=", "version_value": "17.3.1w" }, { "version_affected": "=", "version_value": "17.3.2a" }, { "version_affected": "=", "version_value": "17.3.1x" }, { "version_affected": "=", "version_value": "17.3.1z" }, { "version_affected": "=", "version_value": "17.3.4" }, { "version_affected": "=", "version_value": "17.3.5" }, { "version_affected": "=", "version_value": "17.3.4a" }, { "version_affected": "=", "version_value": "17.3.6" }, { "version_affected": "=", "version_value": "17.3.4b" }, { "version_affected": "=", "version_value": "17.3.4c" }, { "version_affected": "=", "version_value": "17.3.5a" }, { "version_affected": "=", "version_value": "17.3.5b" }, { "version_affected": "=", "version_value": "17.4.1" }, { "version_affected": "=", "version_value": "17.4.2" }, { "version_affected": "=", "version_value": "17.4.1a" }, { "version_affected": "=", "version_value": "17.4.1b" }, { "version_affected": "=", "version_value": "17.4.2a" }, { "version_affected": "=", "version_value": "17.5.1" }, { "version_affected": "=", "version_value": "17.5.1a" }, { "version_affected": "=", "version_value": "17.5.1b" }, { "version_affected": "=", "version_value": "17.5.1c" }, { "version_affected": "=", "version_value": "17.6.1" }, { "version_affected": "=", "version_value": "17.6.2" }, { "version_affected": "=", "version_value": "17.6.1w" }, { "version_affected": "=", "version_value": "17.6.1a" }, { "version_affected": "=", "version_value": "17.6.1x" }, { "version_affected": "=", "version_value": "17.6.3" }, { "version_affected": "=", "version_value": "17.6.1y" }, { "version_affected": "=", "version_value": "17.6.1z" }, { "version_affected": "=", "version_value": "17.6.3a" }, { "version_affected": "=", "version_value": "17.6.4" }, { "version_affected": "=", "version_value": "17.6.1z1" }, { "version_affected": "=", "version_value": "17.6.5" }, { "version_affected": "=", "version_value": "17.6.5a" }, { "version_affected": "=", "version_value": "17.7.1" }, { "version_affected": "=", "version_value": "17.7.1a" }, { "version_affected": "=", "version_value": "17.7.1b" }, { "version_affected": "=", "version_value": "17.7.2" }, { "version_affected": "=", "version_value": "17.10.1" }, { "version_affected": "=", "version_value": "17.10.1a" }, { "version_affected": "=", "version_value": "17.10.1b" }, { "version_affected": "=", "version_value": "17.8.1" }, { "version_affected": "=", "version_value": "17.8.1a" }, { "version_affected": "=", "version_value": "17.9.1" }, { "version_affected": "=", "version_value": "17.9.1w" }, { "version_affected": "=", "version_value": "17.9.2" }, { "version_affected": "=", "version_value": "17.9.1a" }, { "version_affected": "=", "version_value": "17.9.1x" }, { "version_affected": "=", "version_value": "17.9.1y" }, { "version_affected": "=", "version_value": "17.9.2a" }, { "version_affected": "=", "version_value": "17.9.1x1" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.\r\n\r Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-78", "lang": "eng", "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy", "refsource": "MISC", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy" } ] }, "source": { "advisory": "cisco-sa-webui-cmdij-FzZAeXAy", "defects": [ "CSCwe12578" ], "discovery": "INTERNAL" } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F02EE9D-45B1-43D6-B05D-6FF19472216B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*", "matchCriteriaId": "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "8FCB9440-F470-45D1-AAFA-01FB5D76B600", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*", "matchCriteriaId": "3F66ECFE-B631-47AE-995F-024A4E586A85", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*", "matchCriteriaId": "3BBFDD70-7AF3-47AE-94CA-56C19F2D6234", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*", "matchCriteriaId": "5B736F09-3B51-4B2A-92F6-602847001F15", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*", "matchCriteriaId": "2F58A94E-B050-4EFA-84BA-43B11BA22E77", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*", "matchCriteriaId": "5E864BB1-FD23-4AB3-9138-5FD8B62EAF5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*", "matchCriteriaId": "838D6C2D-C131-4A9C-AAE5-5BF38E637E4B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*", "matchCriteriaId": "37D5E77B-687D-4AE7-95B8-0AB56AF5DAD3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "08DCCBA3-82D2-4444-B5D3-E5FC58D024F9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "128F95D7-E49F-4B36-8F47-823C0298449E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*", "matchCriteriaId": "E21B3881-37E9-4C00-9336-12C9C28D1B61", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1w:*:*:*:*:*:*:*", "matchCriteriaId": "E54599DB-A85E-4EEA-9985-2CBF90E28A08", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:*", "matchCriteriaId": "4046C325-7EDB-4C95-AA98-541BEC8F9E0F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1z:*:*:*:*:*:*:*", "matchCriteriaId": "E5B70A3D-CBE1-4218-A7B4-F85741A57BD7", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "2B270A04-9961-4E99-806B-441CD674AFBD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C5DD2403-113B-4100-8BD4-90E1927E6648", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "DAF73937-BCE2-4BEF-B4B0-83212DA4A6C8", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*", "matchCriteriaId": "2DDB1E60-C2A9-4570-BE80-F3D478A53738", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*", "matchCriteriaId": "9841799A-87E2-46AE-807A-824981EAB35A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*", "matchCriteriaId": "0CEF022B-271F-4017-B74B-82748D5EBA01", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "6B2902D8-3A7B-4C47-9BC6-8CA4C580A346", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*", "matchCriteriaId": "8871B890-78F4-4D9D-AEFF-6A393493C51E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*", "matchCriteriaId": "9E489AC5-A445-44FF-AA85-F0915577384E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "917BA05C-2A18-4C68-B508-85C2B5A94416", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A6B707B-4543-41F1-83DF-49A93BF56FB1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*", "matchCriteriaId": "DC8F611B-D347-4A21-90E6-56CF4D8A35A3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*", "matchCriteriaId": "D9A92CE4-B4B0-4C14-AE11-8DFE511406F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "274E3E6F-4280-4EAE-B102-1BE57FE1F1D2", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*", "matchCriteriaId": "46B52A51-51DB-4A12-AB1D-8D9605226599", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "938B0720-8CA7-43BA-9708-5CE9EC7A565A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*", "matchCriteriaId": "D4BE7166-DBD3-4CE6-A14A-725FE896B85E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1b:*:*:*:*:*:*:*", "matchCriteriaId": "4B5244CD-ECFA-4CCD-B611-C5A59368C5E1", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1c:*:*:*:*:*:*:*", "matchCriteriaId": "BDEDC7A0-D031-433B-ABF5-4EC0A43D80CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DE62C4B-7C06-4907-BADE-416C1618D2D9", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1.z:*:*:*:*:*:*:*", "matchCriteriaId": "7F7E7D26-3144-48B6-B236-05136CD38157", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*", "matchCriteriaId": "0C60DF3F-DBD9-4BBF-812E-4BB0C47BDF3C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1w:*:*:*:*:*:*:*", "matchCriteriaId": "26FEE2E2-DD85-4006-8895-0BDA04E8EE4C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1x:*:*:*:*:*:*:*", "matchCriteriaId": "A0CD237B-2843-4D37-87D7-AE6D1A53458A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*", "matchCriteriaId": "1B80614B-6362-45F0-B305-2F137B053DCF", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1z1:*:*:*:*:*:*:*", "matchCriteriaId": "EB7966A0-D84D-47F7-AED9-D041BCDA6703", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "04D19D8C-FACF-49B4-BA99-CC3A3FDADAFB", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "0B78942C-BEE1-4D18-9075-8E1D991BF621", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*", "matchCriteriaId": "5B306D35-4A13-4D23-8EC2-D000E8ADCDA5", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "9F21093D-1036-4F6B-B90F-ACE1EF99EA33", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "280D24C6-A2BF-46E8-B512-6A3FA7833922", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "38B87B17-C653-40AC-8AE4-066BB1123C88", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*", "matchCriteriaId": "9012A66E-82C4-4ACF-A4BB-37EC54B87B50", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*", "matchCriteriaId": "9C945710-7DC3-43D9-9FBE-F2A1B8666C73", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "849C6FF1-F7C0-4021-BCA2-A791C87E4F37", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "7592C7E3-3735-425F-A276-9EE03224CD5E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*", "matchCriteriaId": "1103BE75-EB64-4A9A-801E-EDE6A1F861F5", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B0C2129-8149-4362-827C-A5494C9D398B", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*", "matchCriteriaId": "7452C7E9-6241-42C5-9A7F-13C0BD38A2B4", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1w:*:*:*:*:*:*:*", "matchCriteriaId": "38C48FC4-5362-4B61-8B8C-7CAFFB81045E", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1x:*:*:*:*:*:*:*", "matchCriteriaId": "2BC43383-DF99-4D38-A220-0A202623B36A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1x1:*:*:*:*:*:*:*", "matchCriteriaId": "B7E6CD08-EC7E-42C1-B2C2-CA5E154545A0", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1y:*:*:*:*:*:*:*", "matchCriteriaId": "DE62DC68-E882-49E7-AAD2-2F73637FFB4A", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "D197445E-EC12-429C-BDD4-F63FA5C1B3E3", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*", "matchCriteriaId": "BD27DF50-9E81-4EC5-BA73-513F1DFB972C", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2b:*:*:*:*:*:*:*", "matchCriteriaId": "91A099C9-0C81-4819-BE4A-FE59144C55BD", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "42FAEC29-D754-49D6-85F1-F5DDFAF6E80F", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*", "matchCriteriaId": "CCE76032-948F-444F-BA5D-72A34D1CD382", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*", "matchCriteriaId": "9A965A2A-129C-45C3-BCB1-2860F583D020", "vulnerable": true }, { "criteria": "cpe:2.3:o:cisco:ios_xe:17.91w:*:*:*:*:*:*:*", "matchCriteriaId": "6CAD1C8C-765D-47C4-BAD0-5C2B67460DC4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:catalyst_9105ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "C76DACE3-7D3B-4FE6-8567-0C9D43FF7A7E", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F93DF4-67DB-4B30-AC22-60C67DF32DB2", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*", "matchCriteriaId": "59C77B06-3C22-4092-AAAB-DB099A0B16A6", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9115ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "36E2B891-4F41-4D0D-BAA2-0256C0565BDE", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE4C56A6-E843-498A-A17B-D3D1B01E70E7", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "F050F416-44C3-474C-9002-321A33F288D6", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9117ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA8798F4-35BB-4F81-9385-B0274BFAAF15", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A699C5C-CD03-4263-952F-5074B470F20E", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9120ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "5889AFA2-752E-4EDD-A837-5C003025B25C", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D41CFE-784B-40EE-9431-8097428E5892", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D148A27-85B6-4883-96B5-343C8D32F23B", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*", "matchCriteriaId": "735CA950-672C-4787-8910-48AD07868FDE", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9124ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "53852300-C1D2-4F84-B8DA-4EDBCB374075", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*", "matchCriteriaId": "E987C945-4D6D-4BE5-B6F0-784B7E821D11", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "B434C6D7-F583-4D2B-9275-38A5EC4ECC30", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9130ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CADEB5A-5147-4420-A825-BAB07BD60AA2", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EC1F736-6240-4FA2-9FEC-D8798C9D287C", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "169E5354-07EA-4639-AB4B-20D2B9DE784C", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300:-:*:*:*:*:*:*:*", "matchCriteriaId": "0972076B-5C87-44B3-90EC-4C200B89318A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3765B3DB-8B1B-46EF-AF7D-ED1EB2079C3A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "74AED057-2458-4DE0-8D51-ABD766D07F68", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "19538C03-5FB8-4401-8B21-489C629D7E7D", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "B26D7061-F471-4DF0-A892-ED132958B84A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "033ED443-80E7-4012-9825-07AAC0D44B96", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "AD3F3CC6-A349-47B1-B282-B6458683C191", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB24EF21-1C10-48A7-BC68-FFC842A28D12", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED0625A2-BF14-4552-83D8-AEE0A04EA023", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "CD0D6ED6-AE64-4E20-B9CD-3EAA22709CFF", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "21AFDC0D-7629-424E-827B-C8A8767324C3", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "A263CFF2-A659-405B-90EA-51E49B25C6D3", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "CEFBD449-217D-4569-99F7-D56B853A3E07", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "7ED668FC-D1A5-4175-A234-23760BA6E788", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D650C48-9241-42F7-87A9-20733329489A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "3ED16A65-9AFF-4825-95D1-162FBA0F566D", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "82D345E7-8208-41AC-B11A-4425D29E98A1", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E386D461-F1C1-4970-B056-D6119E74D449", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "99F3A466-F665-4132-ABC4-2DFC0A7E2B55", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3395168-FF2E-4CB6-AABE-5E36DEB241CA", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F525CBC-1CE6-4CAB-B1C1-DFA7EA462EF0", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "226F985C-4669-4D0A-9DB4-CB1465B37B02", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B736A43-6F4E-40A9-84E4-D9E251489234", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2FF888F-46F5-4A79-BB88-BB2EC2D27E24", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "26437DA7-2EFE-4CA2-8DB0-9FECBEFAE4EA", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "E99CA124-7D86-463B-A31E-A7836B7493E6", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "E014B028-8DD9-428C-B705-8F428F145932", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6C44229-A842-49B2-AD3E-79C83DB63EBE", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D56D21F-0F55-4AB1-AB9B-8EAE08F4BEDA", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3C0441D-A7AC-4B4E-970A-3A441C2F66B0", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5306E847-C718-4C83-9C97-8AB498DC4A88", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "18287CEF-B574-4498-A256-567CA6E6CA7C", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E9AAA2C-495E-4FD1-9050-264FDC25254B", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "5713043E-2535-4540-B3EF-41FAC40BECE9", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "0C0C18E5-45B9-49D2-A4AB-DD8D5CB04C5C", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "67701D77-8B03-446A-AE22-4B8CCCD6F029", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "5B0BEAE3-2056-4B7B-8D7C-AEE3DC86CC2A", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "831A2390-7170-4FC0-A95E-3DAB1791017D", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F788CBC4-782F-4A43-AC80-4AEF1C43A22D", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:*:*:*:*:*:*:*", "matchCriteriaId": "493989DC-8F1B-45C9-AD11-38B97B958C9C", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300l_stack:-:*:*:*:*:*:*:*", "matchCriteriaId": "419ABFB5-2C27-4EBE-98EF-8A8B718CD1F9", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300lm:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA0DBB2E-DB15-47E1-B8F2-3AC0B1197C5F", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9300x:-:*:*:*:*:*:*:*", "matchCriteriaId": "F168FB20-0C44-4A5B-910A-04B9517545C2", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9400:-:*:*:*:*:*:*:*", "matchCriteriaId": "737F22AB-C5A9-4A18-BA3D-38A222491397", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9407r:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5508320-8318-41A8-8026-4A61907C1CD7", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9410r:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAD337D8-8C72-4025-A8C3-E63598DE7BDB", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9500:-:*:*:*:*:*:*:*", "matchCriteriaId": "176ACF88-6112-4179-8492-50C50577B300", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9500h:-:*:*:*:*:*:*:*", "matchCriteriaId": "D07FC868-0B38-4F24-BA40-87966FF80AB7", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*", "matchCriteriaId": "A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*", "matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40", "vulnerable": false }, { "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.\r\n\r Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default." }, { "lang": "es", "value": "Una vulnerabilidad en la interfaz de usuario web del software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado realice un ataque de inyecci\u00f3n contra un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando datos manipulados a la interfaz de usuario web. Un exploit exitoso podr\u00eda permitir al atacante ejecutar comandos arbitrarios al CLI del Cisco IOS XE con privilegios de nivel 15. Nota: Esta vulnerabilidad solo se puede explotar si el atacante obtiene las credenciales de una cuenta de Lobby Ambassador. Esta cuenta no est\u00e1 configurada de forma predeterminada." } ], "id": "CVE-2023-20231", "lastModified": "2024-01-25T17:15:39.237", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary" } ] }, "published": "2023-09-27T18:15:11.430", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "ykramarz@cisco.com", "type": "Secondary" } ] } } } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.