CVE-2023-20262

Published: Sep 27, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service.

Affected (4)

Products: Cisco: Catalyst Sd Wan Manager, Sd Wan Vmanage

Cisco

2 products

Catalyst Sd Wan Manager

Sd Wan Vmanage

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Cisco Catalyst Sd Wan Manager	From 20.4 to 20.9.3
Cisco Sd Wan Vmanage	Before 20.3.7
Cisco Sd Wan Vmanage	From 20.10 to 20.11.1
Cisco Sd Wan Vmanage	Version 20.12

Related CWEs

CWE-399

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.