CVE-2023-20254
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco SD-WAN vManage | 17.2.6 | affected |
| Cisco | Cisco SD-WAN vManage | 17.2.7 | affected |
| Cisco | Cisco SD-WAN vManage | 17.2.8 | affected |
| Cisco | Cisco SD-WAN vManage | 17.2.9 | affected |
| Cisco | Cisco SD-WAN vManage | 17.2.10 | affected |
| Cisco | Cisco SD-WAN vManage | 17.2.4 | affected |
| Cisco | Cisco SD-WAN vManage | 17.2.5 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.1.1 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.3.1 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.3 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.4 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.5 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.7 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.8 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.6.1 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.1 | affected |
| Cisco | Cisco SD-WAN vManage | 18.3.0 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.0.1 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.3 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.302 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.303 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.4 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.5 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.0 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.1 | affected |
| Cisco | Cisco SD-WAN vManage | 18.4.6 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.0 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.097 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.099 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.1 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.2 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.3 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.31 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.929 | affected |
| Cisco | Cisco SD-WAN vManage | 19.2.4 | affected |
| Cisco | Cisco SD-WAN vManage | 20.1.1.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.1.12 | affected |
| Cisco | Cisco SD-WAN vManage | 20.1.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.1.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.1.3 | affected |
| Cisco | Cisco SD-WAN vManage | 19.3.0 | affected |
| Cisco | Cisco SD-WAN vManage | 19.1.0 | affected |
| Cisco | Cisco SD-WAN vManage | 18.2.0 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.2.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.3 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.3.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.4 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.4.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.4.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.5 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.6 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.7 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.7.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.4.3 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.5.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.3.7.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.4.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.4.1.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.4.1.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.4.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.4.2.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.4.2.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.4.2.3 | affected |
| Cisco | Cisco SD-WAN vManage | 20.5.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.5.1.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.5.1.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.1.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.2.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.2.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.3 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.3.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.1.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.3.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.3.3 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.3.0.45 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.3.0.46 | affected |
| Cisco | Cisco SD-WAN vManage | 20.6.3.0.47 | affected |
| Cisco | Cisco SD-WAN vManage | 20.7.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.7.1.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.7.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.8.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.2 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.2.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.2.3 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.0.12 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.0.16 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.0.17 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.0.18 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.0.20 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.0.21 | affected |
| Cisco | Cisco SD-WAN vManage | 20.9.3.0.23 | affected |
| Cisco | Cisco SD-WAN vManage | 20.10.1 | affected |
| Cisco | Cisco SD-WAN vManage | 20.10.1.1 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.