CVE-2023-20214

Summary

A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco SD-WAN vManage20.6.4affected
CiscoCisco SD-WAN vManage20.6.5affected
CiscoCisco SD-WAN vManage20.6.5.1affected
CiscoCisco SD-WAN vManage20.6.4.1affected
CiscoCisco SD-WAN vManage20.6.5.2affected
CiscoCisco SD-WAN vManage20.6.5.4affected
CiscoCisco SD-WAN vManage20.6.3.3affected
CiscoCisco SD-WAN vManage20.6.4.0.21affected
CiscoCisco SD-WAN vManage20.6.5.1.10affected
CiscoCisco SD-WAN vManage20.6.5.1.11affected
CiscoCisco SD-WAN vManage20.6.5.1.7affected
CiscoCisco SD-WAN vManage20.6.5.1.9affected
CiscoCisco SD-WAN vManage20.6.5.2.4affected
CiscoCisco SD-WAN vManage20.6.5.2.8affected
CiscoCisco SD-WAN vManage20.6.5.1.13affected
CiscoCisco SD-WAN vManage20.7.1affected
CiscoCisco SD-WAN vManage20.7.1.1affected
CiscoCisco SD-WAN vManage20.7.2affected
CiscoCisco SD-WAN vManage20.8.1affected
CiscoCisco SD-WAN vManage20.9.1affected
CiscoCisco SD-WAN vManage20.9.2affected
CiscoCisco SD-WAN vManage20.9.2.1affected
CiscoCisco SD-WAN vManage20.9.3affected
CiscoCisco SD-WAN vManage20.9.3.1affected
CiscoCisco SD-WAN vManage20.9.2.3affected
CiscoCisco SD-WAN vManage20.9.3.0.12affected
CiscoCisco SD-WAN vManage20.9.3.0.16affected
CiscoCisco SD-WAN vManage20.9.3.0.17affected
CiscoCisco SD-WAN vManage20.9.3.0.18affected
CiscoCisco SD-WAN vManage20.9.3.0.20affected
CiscoCisco SD-WAN vManage20.9.3.0.21affected
CiscoCisco SD-WAN vManage20.9.3.0.23affected
CiscoCisco SD-WAN vManage20.10.1affected
CiscoCisco SD-WAN vManage20.10.1.1affected
CiscoCisco SD-WAN vManage20.11.1affected
CiscoCisco SD-WAN vManage20.11.1.1affected

Weaknesses

  • CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References