CVE-2023-20261

Summary

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco SD-WAN vManage17.2.6affected
CiscoCisco SD-WAN vManage17.2.7affected
CiscoCisco SD-WAN vManage17.2.8affected
CiscoCisco SD-WAN vManage17.2.9affected
CiscoCisco SD-WAN vManage17.2.10affected
CiscoCisco SD-WAN vManage17.2.4affected
CiscoCisco SD-WAN vManage17.2.5affected
CiscoCisco SD-WAN vManage18.3.1.1affected
CiscoCisco SD-WAN vManage18.3.3.1affected
CiscoCisco SD-WAN vManage18.3.3affected
CiscoCisco SD-WAN vManage18.3.4affected
CiscoCisco SD-WAN vManage18.3.5affected
CiscoCisco SD-WAN vManage18.3.7affected
CiscoCisco SD-WAN vManage18.3.8affected
CiscoCisco SD-WAN vManage18.3.6.1affected
CiscoCisco SD-WAN vManage18.3.1affected
CiscoCisco SD-WAN vManage18.3.0affected
CiscoCisco SD-WAN vManage18.4.0.1affected
CiscoCisco SD-WAN vManage18.4.3affected
CiscoCisco SD-WAN vManage18.4.302affected
CiscoCisco SD-WAN vManage18.4.303affected
CiscoCisco SD-WAN vManage18.4.4affected
CiscoCisco SD-WAN vManage18.4.5affected
CiscoCisco SD-WAN vManage18.4.0affected
CiscoCisco SD-WAN vManage18.4.1affected
CiscoCisco SD-WAN vManage18.4.6affected
CiscoCisco SD-WAN vManage19.2.0affected
CiscoCisco SD-WAN vManage19.2.097affected
CiscoCisco SD-WAN vManage19.2.099affected
CiscoCisco SD-WAN vManage19.2.1affected
CiscoCisco SD-WAN vManage19.2.2affected
CiscoCisco SD-WAN vManage19.2.3affected
CiscoCisco SD-WAN vManage19.2.31affected
CiscoCisco SD-WAN vManage19.2.929affected
CiscoCisco SD-WAN vManage19.2.4affected
CiscoCisco SD-WAN vManage20.1.1.1affected
CiscoCisco SD-WAN vManage20.1.12affected
CiscoCisco SD-WAN vManage20.1.1affected
CiscoCisco SD-WAN vManage20.1.2affected
CiscoCisco SD-WAN vManage20.1.3affected
CiscoCisco SD-WAN vManage19.3.0affected
CiscoCisco SD-WAN vManage19.1.0affected
CiscoCisco SD-WAN vManage18.2.0affected
CiscoCisco SD-WAN vManage20.3.1affected
CiscoCisco SD-WAN vManage20.3.2affected
CiscoCisco SD-WAN vManage20.3.2.1affected
CiscoCisco SD-WAN vManage20.3.3affected
CiscoCisco SD-WAN vManage20.3.3.1affected
CiscoCisco SD-WAN vManage20.3.4affected
CiscoCisco SD-WAN vManage20.3.4.1affected
CiscoCisco SD-WAN vManage20.3.4.2affected
CiscoCisco SD-WAN vManage20.3.5affected
CiscoCisco SD-WAN vManage20.3.6affected
CiscoCisco SD-WAN vManage20.3.7affected
CiscoCisco SD-WAN vManage20.3.7.1affected
CiscoCisco SD-WAN vManage20.3.4.3affected
CiscoCisco SD-WAN vManage20.3.5.1affected
CiscoCisco SD-WAN vManage20.3.7.2affected
CiscoCisco SD-WAN vManage20.3.8affected
CiscoCisco SD-WAN vManage20.4.1affected
CiscoCisco SD-WAN vManage20.4.1.1affected
CiscoCisco SD-WAN vManage20.4.1.2affected
CiscoCisco SD-WAN vManage20.4.2affected
CiscoCisco SD-WAN vManage20.4.2.2affected
CiscoCisco SD-WAN vManage20.4.2.1affected
CiscoCisco SD-WAN vManage20.4.2.3affected
CiscoCisco SD-WAN vManage20.5.1affected
CiscoCisco SD-WAN vManage20.5.1.2affected
CiscoCisco SD-WAN vManage20.5.1.1affected
CiscoCisco SD-WAN vManage20.6.1affected
CiscoCisco SD-WAN vManage20.6.1.1affected
CiscoCisco SD-WAN vManage20.6.2.1affected
CiscoCisco SD-WAN vManage20.6.2.2affected
CiscoCisco SD-WAN vManage20.6.2affected
CiscoCisco SD-WAN vManage20.6.3affected
CiscoCisco SD-WAN vManage20.6.3.1affected
CiscoCisco SD-WAN vManage20.6.4affected
CiscoCisco SD-WAN vManage20.6.5affected
CiscoCisco SD-WAN vManage20.6.5.1affected
CiscoCisco SD-WAN vManage20.6.1.2affected
CiscoCisco SD-WAN vManage20.6.3.2affected
CiscoCisco SD-WAN vManage20.6.4.1affected
CiscoCisco SD-WAN vManage20.6.5.2affected
CiscoCisco SD-WAN vManage20.6.5.4affected
CiscoCisco SD-WAN vManage20.6.3.3affected
CiscoCisco SD-WAN vManage20.6.4.2affected
CiscoCisco SD-WAN vManage20.6.3.0.45affected
CiscoCisco SD-WAN vManage20.6.3.0.46affected
CiscoCisco SD-WAN vManage20.6.3.0.47affected
CiscoCisco SD-WAN vManage20.6.3.4affected
CiscoCisco SD-WAN vManage20.6.4.0.21affected
CiscoCisco SD-WAN vManage20.6.5.1.10affected
CiscoCisco SD-WAN vManage20.6.5.1.11affected
CiscoCisco SD-WAN vManage20.6.5.1.7affected
CiscoCisco SD-WAN vManage20.6.5.1.9affected
CiscoCisco SD-WAN vManage20.6.5.2.4affected
CiscoCisco SD-WAN vManage20.6.5.5affected
CiscoCisco SD-WAN vManage20.6.5.2.8affected
CiscoCisco SD-WAN vManage20.6.5.1.13affected

Weaknesses

  • CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References