CVE-2023-20261

Published: Oct 18, 2023Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.

Affected (99)

Products: Cisco: Catalyst Sd Wan Manager

Cisco

1 product

Catalyst Sd Wan Manager

Configuration A

99 vulnerable

Vulnerable Software	Affected Versions
Cisco Catalyst Sd Wan Manager	Version 17.2.10
Cisco Catalyst Sd Wan Manager	Version 17.2.4
Cisco Catalyst Sd Wan Manager	Version 17.2.5
Cisco Catalyst Sd Wan Manager	Version 17.2.6
Cisco Catalyst Sd Wan Manager	Version 17.2.7
Cisco Catalyst Sd Wan Manager	Version 17.2.8
Cisco Catalyst Sd Wan Manager	Version 17.2.9
Cisco Catalyst Sd Wan Manager	Version 18.2.0
Cisco Catalyst Sd Wan Manager	Version 18.3.0
Cisco Catalyst Sd Wan Manager	Version 18.3.1.1
Cisco Catalyst Sd Wan Manager	Version 18.3.1
Cisco Catalyst Sd Wan Manager	Version 18.3.3.1
Cisco Catalyst Sd Wan Manager	Version 18.3.3
Cisco Catalyst Sd Wan Manager	Version 18.3.4
Cisco Catalyst Sd Wan Manager	Version 18.3.5
Cisco Catalyst Sd Wan Manager	Version 18.3.6.1
Cisco Catalyst Sd Wan Manager	Version 18.3.7
Cisco Catalyst Sd Wan Manager	Version 18.3.8
Cisco Catalyst Sd Wan Manager	Version 18.4.0.1
Cisco Catalyst Sd Wan Manager	Version 18.4.0
Cisco Catalyst Sd Wan Manager	Version 18.4.1
Cisco Catalyst Sd Wan Manager	Version 18.4.302
Cisco Catalyst Sd Wan Manager	Version 18.4.303
Cisco Catalyst Sd Wan Manager	Version 18.4.3
Cisco Catalyst Sd Wan Manager	Version 18.4.4
Cisco Catalyst Sd Wan Manager	Version 18.4.5
Cisco Catalyst Sd Wan Manager	Version 18.4.6
Cisco Catalyst Sd Wan Manager	Version 19.1.0
Cisco Catalyst Sd Wan Manager	Version 19.2.097
Cisco Catalyst Sd Wan Manager	Version 19.2.099
Cisco Catalyst Sd Wan Manager	Version 19.2.0
Cisco Catalyst Sd Wan Manager	Version 19.2.1
Cisco Catalyst Sd Wan Manager	Version 19.2.2
Cisco Catalyst Sd Wan Manager	Version 19.2.31
Cisco Catalyst Sd Wan Manager	Version 19.2.3
Cisco Catalyst Sd Wan Manager	Version 19.2.4
Cisco Catalyst Sd Wan Manager	Version 19.2.929
Cisco Catalyst Sd Wan Manager	Version 19.3.0
Cisco Catalyst Sd Wan Manager	Version 20.1.1.1
Cisco Catalyst Sd Wan Manager	Version 20.1.12
Cisco Catalyst Sd Wan Manager	Version 20.1.1
Cisco Catalyst Sd Wan Manager	Version 20.1.2
Cisco Catalyst Sd Wan Manager	Version 20.1.3
Cisco Catalyst Sd Wan Manager	Version 20.3.1
Cisco Catalyst Sd Wan Manager	Version 20.3.2.1
Cisco Catalyst Sd Wan Manager	Version 20.3.2
Cisco Catalyst Sd Wan Manager	Version 20.3.3.1
Cisco Catalyst Sd Wan Manager	Version 20.3.3
Cisco Catalyst Sd Wan Manager	Version 20.3.4.1
Cisco Catalyst Sd Wan Manager	Version 20.3.4.2
Cisco Catalyst Sd Wan Manager	Version 20.3.4.3
Cisco Catalyst Sd Wan Manager	Version 20.3.4
Cisco Catalyst Sd Wan Manager	Version 20.3.5.1
Cisco Catalyst Sd Wan Manager	Version 20.3.5
Cisco Catalyst Sd Wan Manager	Version 20.3.6
Cisco Catalyst Sd Wan Manager	Version 20.3.7.1
Cisco Catalyst Sd Wan Manager	Version 20.3.7.2
Cisco Catalyst Sd Wan Manager	Version 20.3.7
Cisco Catalyst Sd Wan Manager	Version 20.3.8
Cisco Catalyst Sd Wan Manager	Version 20.4.1.1
Cisco Catalyst Sd Wan Manager	Version 20.4.1.2
Cisco Catalyst Sd Wan Manager	Version 20.4.1
Cisco Catalyst Sd Wan Manager	Version 20.4.2.1
Cisco Catalyst Sd Wan Manager	Version 20.4.2.2
Cisco Catalyst Sd Wan Manager	Version 20.4.2.3
Cisco Catalyst Sd Wan Manager	Version 20.4.2
Cisco Catalyst Sd Wan Manager	Version 20.5.1.1
Cisco Catalyst Sd Wan Manager	Version 20.5.1.2
Cisco Catalyst Sd Wan Manager	Version 20.5.1
Cisco Catalyst Sd Wan Manager	Version 20.6.1.1
Cisco Catalyst Sd Wan Manager	Version 20.6.1.2
Cisco Catalyst Sd Wan Manager	Version 20.6.1
Cisco Catalyst Sd Wan Manager	Version 20.6.2.1
Cisco Catalyst Sd Wan Manager	Version 20.6.2.2
Cisco Catalyst Sd Wan Manager	Version 20.6.2
Cisco Catalyst Sd Wan Manager	Version 20.6.3.0.45
Cisco Catalyst Sd Wan Manager	Version 20.6.3.0.46
Cisco Catalyst Sd Wan Manager	Version 20.6.3.0.47
Cisco Catalyst Sd Wan Manager	Version 20.6.3.1
Cisco Catalyst Sd Wan Manager	Version 20.6.3.2
Cisco Catalyst Sd Wan Manager	Version 20.6.3.3
Cisco Catalyst Sd Wan Manager	Version 20.6.3.4
Cisco Catalyst Sd Wan Manager	Version 20.6.3
Cisco Catalyst Sd Wan Manager	Version 20.6.4.0.21
Cisco Catalyst Sd Wan Manager	Version 20.6.4.1
Cisco Catalyst Sd Wan Manager	Version 20.6.4.2
Cisco Catalyst Sd Wan Manager	Version 20.6.4
Cisco Catalyst Sd Wan Manager	Version 20.6.5.1.10
Cisco Catalyst Sd Wan Manager	Version 20.6.5.1.11
Cisco Catalyst Sd Wan Manager	Version 20.6.5.1.13
Cisco Catalyst Sd Wan Manager	Version 20.6.5.1.7
Cisco Catalyst Sd Wan Manager	Version 20.6.5.1.9
Cisco Catalyst Sd Wan Manager	Version 20.6.5.1
Cisco Catalyst Sd Wan Manager	Version 20.6.5.2.4
Cisco Catalyst Sd Wan Manager	Version 20.6.5.2.8
Cisco Catalyst Sd Wan Manager	Version 20.6.5.2
Cisco Catalyst Sd Wan Manager	Version 20.6.5.4
Cisco Catalyst Sd Wan Manager	Version 20.6.5.5
Cisco Catalyst Sd Wan Manager	Version 20.6.5

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-lfi-OWLbKUGe

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.