← Back

CVE-2023-20231

nvd nist
Published: Sep 27, 2023Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.

Affected (67)

Products: Cisco: Ios Xe
Cisco
1 product
Ios Xe
Configuration A
67 vulnerable · 73 platform
Vulnerable SoftwareAffected Versions
Cisco
Ios Xe
Version 16.12.4
Ios Xe
Version 16.12.4a
Ios Xe
Version 16.12.5
Ios Xe
Version 16.12.5a
Ios Xe
Version 16.12.5b
Ios Xe
Version 16.12.6
Ios Xe
Version 16.12.6a
Ios Xe
Version 16.12.7
Ios Xe
Version 16.12.8
Ios Xe
Version 16.12.9
Ios Xe
Version 17.10.1
Ios Xe
Version 17.10.1a
Ios Xe
Version 17.10.1b
Ios Xe
Version 17.2.2
Ios Xe
Version 17.2.3
Ios Xe
Version 17.3.1
Ios Xe
Version 17.3.1a
Ios Xe
Version 17.3.1w
Ios Xe
Version 17.3.1x
Ios Xe
Version 17.3.1z
Ios Xe
Version 17.3.2
Ios Xe
Version 17.3.3
Ios Xe
Version 17.3.4
Ios Xe
Version 17.3.4a
Ios Xe
Version 17.3.4b
Ios Xe
Version 17.3.4c
Ios Xe
Version 17.3.5
Ios Xe
Version 17.3.5a
Ios Xe
Version 17.3.5b
Ios Xe
Version 17.3.6
Ios Xe
Version 17.4.1
Ios Xe
Version 17.4.1a
Ios Xe
Version 17.4.1b
Ios Xe
Version 17.4.2
Ios Xe
Version 17.4.2a
Ios Xe
Version 17.5.1
Ios Xe
Version 17.5.1a
Ios Xe
Version 17.5.1b
Ios Xe
Version 17.5.1c
Ios Xe
Version 17.6.1.z
Ios Xe
Version 17.6.1
Ios Xe
Version 17.6.1a
Ios Xe
Version 17.6.1w
Ios Xe
Version 17.6.1x
Ios Xe
Version 17.6.1y
Ios Xe
Version 17.6.1z1
Ios Xe
Version 17.6.2
Ios Xe
Version 17.6.3
Ios Xe
Version 17.6.3a
Ios Xe
Version 17.6.4
Ios Xe
Version 17.6.5
Ios Xe
Version 17.7.1
Ios Xe
Version 17.7.1a
Ios Xe
Version 17.7.1b
Ios Xe
Version 17.7.2
Ios Xe
Version 17.8.1
Ios Xe
Version 17.8.1a
Ios Xe
Version 17.9.1
Ios Xe
Version 17.9.1a
Ios Xe
Version 17.9.1w
Ios Xe
Version 17.9.1x1
Ios Xe
Version 17.9.1x
Ios Xe
Version 17.9.1y
Ios Xe
Version 17.9.2
Ios Xe
Version 17.9.2a
Ios Xe
Version 17.9.2b
Ios Xe
Version 17.91w
Running on/withPlatform Versions
Cisco
Catalyst 9105ax
All versions
Cisco
Catalyst 9105axi
All versions
Cisco
Catalyst 9105axw
All versions
Cisco
Catalyst 9115ax
All versions
Cisco
Catalyst 9115axe
All versions
Cisco
Catalyst 9115axi
All versions
Cisco
Catalyst 9117ax
All versions
Cisco
Catalyst 9117axi
All versions
Cisco
Catalyst 9120ax
All versions
Cisco
Catalyst 9120axe
All versions
Cisco
Catalyst 9120axi
All versions
Cisco
Catalyst 9120axp
All versions
Cisco
Catalyst 9124ax
All versions
Cisco
Catalyst 9124axd
All versions
Cisco
Catalyst 9124axi
All versions
Cisco
Catalyst 9130ax
All versions
Cisco
Catalyst 9130axe
All versions
Cisco
Catalyst 9130axi
All versions
Cisco
Catalyst 9300
All versions
Cisco
Catalyst 9300 24p A
All versions
Cisco
Catalyst 9300 24p E
All versions
Cisco
Catalyst 9300 24s A
All versions
Cisco
Catalyst 9300 24s E
All versions
Cisco
Catalyst 9300 24t A
All versions
Cisco
Catalyst 9300 24t E
All versions
Cisco
Catalyst 9300 24u A
All versions
Cisco
Catalyst 9300 24u E
All versions
Cisco
Catalyst 9300 24ux A
All versions
Cisco
Catalyst 9300 24ux E
All versions
Cisco
Catalyst 9300 48p A
All versions
Cisco
Catalyst 9300 48p E
All versions
Cisco
Catalyst 9300 48s A
All versions
Cisco
Catalyst 9300 48s E
All versions
Cisco
Catalyst 9300 48t A
All versions
Cisco
Catalyst 9300 48t E
All versions
Cisco
Catalyst 9300 48u A
All versions
Cisco
Catalyst 9300 48u E
All versions
Cisco
Catalyst 9300 48un A
All versions
Cisco
Catalyst 9300 48un E
All versions
Cisco
Catalyst 9300 48uxm A
All versions
Cisco
Catalyst 9300 48uxm E
All versions
Cisco
Catalyst 9300l
All versions
Cisco
Catalyst 9300l 24p 4g A
All versions
Cisco
Catalyst 9300l 24p 4g E
All versions
Cisco
Catalyst 9300l 24p 4x A
All versions
Cisco
Catalyst 9300l 24p 4x E
All versions
Cisco
Catalyst 9300l 24t 4g A
All versions
Cisco
Catalyst 9300l 24t 4g E
All versions
Cisco
Catalyst 9300l 24t 4x A
All versions
Cisco
Catalyst 9300l 24t 4x E
All versions
Cisco
Catalyst 9300l 48p 4g A
All versions
Cisco
Catalyst 9300l 48p 4g E
All versions
Cisco
Catalyst 9300l 48p 4x A
All versions
Cisco
Catalyst 9300l 48p 4x E
All versions
Cisco
Catalyst 9300l 48t 4g A
All versions
Cisco
Catalyst 9300l 48t 4g E
All versions
Cisco
Catalyst 9300l 48t 4x A
All versions
Cisco
Catalyst 9300l 48t 4x E
All versions
Cisco
Catalyst 9300l Stack
All versions
Cisco
Catalyst 9300lm
All versions
Cisco
Catalyst 9300x
All versions
Cisco
Catalyst 9400
All versions
Cisco
Catalyst 9407r
All versions
Cisco
Catalyst 9410r
All versions
Cisco
Catalyst 9500
All versions
Cisco
Catalyst 9500h
All versions
Cisco
Catalyst 9800
All versions
Cisco
Catalyst 9800 40
All versions
Cisco
Catalyst 9800 80
All versions
Cisco
Catalyst 9800 Cl
All versions
Cisco
Catalyst 9800 L
All versions
Cisco
Catalyst 9800 L C
All versions
Cisco
Catalyst 9800 L F
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.