CVE-2023-20097

Published: Mar 23, 2023Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.

Affected (6)

Products: Cisco: Wireless Lan Controller Software, Aironet Access Point Software, Ios Xe

Cisco

3 products

Wireless Lan Controller Software

Aironet Access Point Software

Ios Xe

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Wireless Lan Controller Software	Before 8.10.183.0

Running on/with	Platform Versions
Cisco Esw6300	All versions

Configuration B

1 vulnerable · 57 platform

Vulnerable Software	Affected Versions
Cisco Aironet Access Point Software	Before 17.9.0.135

Running on/with	Platform Versions
Cisco Aironet 1540	All versions
Cisco Aironet 1542d	All versions
Cisco Aironet 1542i	All versions
Cisco Aironet 1560	All versions
Cisco Aironet 1562d	All versions
Cisco Aironet 1562e	All versions
Cisco Aironet 1562i	All versions
Cisco Aironet 1800	All versions
Cisco Aironet 1800i	All versions
Cisco Aironet 1810	All versions
Cisco Aironet 1810w	All versions
Cisco Aironet 1815	All versions
Cisco Aironet 1815i	All versions
Cisco Aironet 1815m	All versions
Cisco Aironet 1815t	All versions
Cisco Aironet 1815w	All versions
Cisco Aironet 2800	All versions
Cisco Aironet 2800e	All versions
Cisco Aironet 2800i	All versions
Cisco Aironet 3800	All versions
Cisco Aironet 3800e	All versions
Cisco Aironet 3800i	All versions
Cisco Aironet 3800p	All versions
Cisco Aironet 4800	All versions
Cisco Catalyst 9100	All versions
Cisco Catalyst 9105	All versions
Cisco Catalyst 9105ax	All versions
Cisco Catalyst 9105axi	All versions
Cisco Catalyst 9105axw	All versions
Cisco Catalyst 9115	All versions
Cisco Catalyst 9115 Ap	All versions
Cisco Catalyst 9115ax	All versions
Cisco Catalyst 9115axe	All versions
Cisco Catalyst 9115axi	All versions
Cisco Catalyst 9117	All versions
Cisco Catalyst 9117 Ap	All versions
Cisco Catalyst 9117ax	All versions
Cisco Catalyst 9117axi	All versions
Cisco Catalyst 9120	All versions
Cisco Catalyst 9120 Ap	All versions
Cisco Catalyst 9120ax	All versions
Cisco Catalyst 9120axe	All versions
Cisco Catalyst 9120axi	All versions
Cisco Catalyst 9120axp	All versions
Cisco Catalyst 9124	All versions
Cisco Catalyst 9124ax	All versions
Cisco Catalyst 9124axd	All versions
Cisco Catalyst 9124axi	All versions
Cisco Catalyst 9130	All versions
Cisco Catalyst 9130 Ap	All versions
Cisco Catalyst 9130ax	All versions
Cisco Catalyst 9130axe	All versions
Cisco Catalyst 9130axi	All versions
Cisco Catalyst Iw6300	All versions
Cisco Catalyst Iw6300 Ac	All versions
Cisco Catalyst Iw6300 Dc	All versions
Cisco Catalyst Iw6300 Dcw	All versions

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Ios Xe	Before 16.12.8
Cisco Ios Xe	From 17.1 to 17.3.6
Cisco Ios Xe	From 17.4 to 17.6.5
Cisco Ios Xe	From 17.7 to 17.9.2

Related CWEs

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.