CVE-2023-20253

Summary

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on for other controller and devices managed by an affected system. A successful exploit could allow the attacker to to roll back the configuration on for other controller and devices managed by an affected system.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco SD-WAN vManage17.2.6affected
CiscoCisco SD-WAN vManage17.2.7affected
CiscoCisco SD-WAN vManage17.2.8affected
CiscoCisco SD-WAN vManage17.2.9affected
CiscoCisco SD-WAN vManage17.2.10affected
CiscoCisco SD-WAN vManage17.2.4affected
CiscoCisco SD-WAN vManage17.2.5affected
CiscoCisco SD-WAN vManage18.3.1.1affected
CiscoCisco SD-WAN vManage18.3.3.1affected
CiscoCisco SD-WAN vManage18.3.3affected
CiscoCisco SD-WAN vManage18.3.4affected
CiscoCisco SD-WAN vManage18.3.5affected
CiscoCisco SD-WAN vManage18.3.7affected
CiscoCisco SD-WAN vManage18.3.8affected
CiscoCisco SD-WAN vManage18.3.6.1affected
CiscoCisco SD-WAN vManage18.3.1affected
CiscoCisco SD-WAN vManage18.3.0affected
CiscoCisco SD-WAN vManage18.4.0.1affected
CiscoCisco SD-WAN vManage18.4.3affected
CiscoCisco SD-WAN vManage18.4.302affected
CiscoCisco SD-WAN vManage18.4.303affected
CiscoCisco SD-WAN vManage18.4.4affected
CiscoCisco SD-WAN vManage18.4.5affected
CiscoCisco SD-WAN vManage18.4.0affected
CiscoCisco SD-WAN vManage18.4.1affected
CiscoCisco SD-WAN vManage18.4.6affected
CiscoCisco SD-WAN vManage19.2.0affected
CiscoCisco SD-WAN vManage19.2.097affected
CiscoCisco SD-WAN vManage19.2.099affected
CiscoCisco SD-WAN vManage19.2.1affected
CiscoCisco SD-WAN vManage19.2.2affected
CiscoCisco SD-WAN vManage19.2.3affected
CiscoCisco SD-WAN vManage19.2.31affected
CiscoCisco SD-WAN vManage19.2.929affected
CiscoCisco SD-WAN vManage19.2.4affected
CiscoCisco SD-WAN vManage20.1.1.1affected
CiscoCisco SD-WAN vManage20.1.12affected
CiscoCisco SD-WAN vManage20.1.1affected
CiscoCisco SD-WAN vManage20.1.2affected
CiscoCisco SD-WAN vManage20.1.3affected
CiscoCisco SD-WAN vManage19.3.0affected
CiscoCisco SD-WAN vManage19.1.0affected
CiscoCisco SD-WAN vManage18.2.0affected
CiscoCisco SD-WAN vManage20.3.1affected
CiscoCisco SD-WAN vManage20.3.2affected
CiscoCisco SD-WAN vManage20.3.2.1affected
CiscoCisco SD-WAN vManage20.3.3affected
CiscoCisco SD-WAN vManage20.3.3.1affected
CiscoCisco SD-WAN vManage20.3.4affected
CiscoCisco SD-WAN vManage20.3.4.1affected
CiscoCisco SD-WAN vManage20.3.4.2affected
CiscoCisco SD-WAN vManage20.3.5affected
CiscoCisco SD-WAN vManage20.3.6affected
CiscoCisco SD-WAN vManage20.3.7affected
CiscoCisco SD-WAN vManage20.3.7.1affected
CiscoCisco SD-WAN vManage20.3.4.3affected
CiscoCisco SD-WAN vManage20.3.5.1affected
CiscoCisco SD-WAN vManage20.3.7.2affected
CiscoCisco SD-WAN vManage20.4.1affected
CiscoCisco SD-WAN vManage20.4.1.1affected
CiscoCisco SD-WAN vManage20.4.1.2affected
CiscoCisco SD-WAN vManage20.4.2affected
CiscoCisco SD-WAN vManage20.4.2.2affected
CiscoCisco SD-WAN vManage20.4.2.1affected
CiscoCisco SD-WAN vManage20.4.2.3affected
CiscoCisco SD-WAN vManage20.5.1affected
CiscoCisco SD-WAN vManage20.5.1.2affected
CiscoCisco SD-WAN vManage20.5.1.1affected
CiscoCisco SD-WAN vManage20.6.1affected
CiscoCisco SD-WAN vManage20.6.1.1affected
CiscoCisco SD-WAN vManage20.6.1.2affected

Weaknesses

  • CWE-286: Incorrect User Management

ADP Enrichment

CVE Program Container

Additional References

References