fkie_nvd - fkie_cve-2023-20231

fkie_cve-2023-20231

Vulnerability from fkie_nvd

Published

2023-09-27 18:15

Modified

2024-11-21 07:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.

References

▼	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	ios_xe	16.12.4
cisco	ios_xe	16.12.4a
cisco	ios_xe	16.12.5
cisco	ios_xe	16.12.5a
cisco	ios_xe	16.12.5b
cisco	ios_xe	16.12.6
cisco	ios_xe	16.12.6a
cisco	ios_xe	16.12.7
cisco	ios_xe	16.12.8
cisco	ios_xe	16.12.9
cisco	ios_xe	17.2.2
cisco	ios_xe	17.2.3
cisco	ios_xe	17.3.1
cisco	ios_xe	17.3.1a
cisco	ios_xe	17.3.1w
cisco	ios_xe	17.3.1x
cisco	ios_xe	17.3.1z
cisco	ios_xe	17.3.2
cisco	ios_xe	17.3.3
cisco	ios_xe	17.3.4
cisco	ios_xe	17.3.4a
cisco	ios_xe	17.3.4b
cisco	ios_xe	17.3.4c
cisco	ios_xe	17.3.5
cisco	ios_xe	17.3.5a
cisco	ios_xe	17.3.5b
cisco	ios_xe	17.3.6
cisco	ios_xe	17.4.1
cisco	ios_xe	17.4.1a
cisco	ios_xe	17.4.1b
cisco	ios_xe	17.4.2
cisco	ios_xe	17.4.2a
cisco	ios_xe	17.5.1
cisco	ios_xe	17.5.1a
cisco	ios_xe	17.5.1b
cisco	ios_xe	17.5.1c
cisco	ios_xe	17.6.1
cisco	ios_xe	17.6.1.z
cisco	ios_xe	17.6.1a
cisco	ios_xe	17.6.1w
cisco	ios_xe	17.6.1x
cisco	ios_xe	17.6.1y
cisco	ios_xe	17.6.1z1
cisco	ios_xe	17.6.2
cisco	ios_xe	17.6.3
cisco	ios_xe	17.6.3a
cisco	ios_xe	17.6.4
cisco	ios_xe	17.6.5
cisco	ios_xe	17.7.1
cisco	ios_xe	17.7.1a
cisco	ios_xe	17.7.1b
cisco	ios_xe	17.7.2
cisco	ios_xe	17.8.1
cisco	ios_xe	17.8.1a
cisco	ios_xe	17.9.1
cisco	ios_xe	17.9.1a
cisco	ios_xe	17.9.1w
cisco	ios_xe	17.9.1x
cisco	ios_xe	17.9.1x1
cisco	ios_xe	17.9.1y
cisco	ios_xe	17.9.2
cisco	ios_xe	17.9.2a
cisco	ios_xe	17.9.2b
cisco	ios_xe	17.10.1
cisco	ios_xe	17.10.1a
cisco	ios_xe	17.10.1b
cisco	ios_xe	17.91w
cisco	catalyst_9105ax	-
cisco	catalyst_9105axi	-
cisco	catalyst_9105axw	-
cisco	catalyst_9115ax	-
cisco	catalyst_9115axe	-
cisco	catalyst_9115axi	-
cisco	catalyst_9117ax	-
cisco	catalyst_9117axi	-
cisco	catalyst_9120ax	-
cisco	catalyst_9120axe	-
cisco	catalyst_9120axi	-
cisco	catalyst_9120axp	-
cisco	catalyst_9124ax	-
cisco	catalyst_9124axd	-
cisco	catalyst_9124axi	-
cisco	catalyst_9130ax	-
cisco	catalyst_9130axe	-
cisco	catalyst_9130axi	-
cisco	catalyst_9300	-
cisco	catalyst_9300-24p-a	-
cisco	catalyst_9300-24p-e	-
cisco	catalyst_9300-24s-a	-
cisco	catalyst_9300-24s-e	-
cisco	catalyst_9300-24t-a	-
cisco	catalyst_9300-24t-e	-
cisco	catalyst_9300-24u-a	-
cisco	catalyst_9300-24u-e	-
cisco	catalyst_9300-24ux-a	-
cisco	catalyst_9300-24ux-e	-
cisco	catalyst_9300-48p-a	-
cisco	catalyst_9300-48p-e	-
cisco	catalyst_9300-48s-a	-
cisco	catalyst_9300-48s-e	-
cisco	catalyst_9300-48t-a	-
cisco	catalyst_9300-48t-e	-
cisco	catalyst_9300-48u-a	-
cisco	catalyst_9300-48u-e	-
cisco	catalyst_9300-48un-a	-
cisco	catalyst_9300-48un-e	-
cisco	catalyst_9300-48uxm-a	-
cisco	catalyst_9300-48uxm-e	-
cisco	catalyst_9300l	-
cisco	catalyst_9300l-24p-4g-a	-
cisco	catalyst_9300l-24p-4g-e	-
cisco	catalyst_9300l-24p-4x-a	-
cisco	catalyst_9300l-24p-4x-e	-
cisco	catalyst_9300l-24t-4g-a	-
cisco	catalyst_9300l-24t-4g-e	-
cisco	catalyst_9300l-24t-4x-a	-
cisco	catalyst_9300l-24t-4x-e	-
cisco	catalyst_9300l-48p-4g-a	-
cisco	catalyst_9300l-48p-4g-e	-
cisco	catalyst_9300l-48p-4x-a	-
cisco	catalyst_9300l-48p-4x-e	-
cisco	catalyst_9300l-48t-4g-a	-
cisco	catalyst_9300l-48t-4g-e	-
cisco	catalyst_9300l-48t-4x-a	-
cisco	catalyst_9300l-48t-4x-e	-
cisco	catalyst_9300l_stack	-
cisco	catalyst_9300lm	-
cisco	catalyst_9300x	-
cisco	catalyst_9400	-
cisco	catalyst_9407r	-
cisco	catalyst_9410r	-
cisco	catalyst_9500	-
cisco	catalyst_9500h	-
cisco	catalyst_9800	-
cisco	catalyst_9800-40	-
cisco	catalyst_9800-80	-
cisco	catalyst_9800-cl	-
cisco	catalyst_9800-l	-
cisco	catalyst_9800-l-c	-
cisco	catalyst_9800-l-f	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F02EE9D-45B1-43D6-B05D-6FF19472216B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C1DBBCD-4C5A-43BB-8FB0-6F1AF99ED0D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FCB9440-F470-45D1-AAFA-01FB5D76B600",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F66ECFE-B631-47AE-995F-024A4E586A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBFDD70-7AF3-47AE-94CA-56C19F2D6234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B736F09-3B51-4B2A-92F6-602847001F15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F58A94E-B050-4EFA-84BA-43B11BA22E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E864BB1-FD23-4AB3-9138-5FD8B62EAF5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "838D6C2D-C131-4A9C-AAE5-5BF38E637E4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "37D5E77B-687D-4AE7-95B8-0AB56AF5DAD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "75CCB5F1-27F5-4FF9-8389-0A9ABCF7F070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DCCBA3-82D2-4444-B5D3-E5FC58D024F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "128F95D7-E49F-4B36-8F47-823C0298449E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "E21B3881-37E9-4C00-9336-12C9C28D1B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1w:*:*:*:*:*:*:*",
              "matchCriteriaId": "E54599DB-A85E-4EEA-9985-2CBF90E28A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1x:*:*:*:*:*:*:*",
              "matchCriteriaId": "4046C325-7EDB-4C95-AA98-541BEC8F9E0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.1z:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5B70A3D-CBE1-4218-A7B4-F85741A57BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B270A04-9961-4E99-806B-441CD674AFBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DD2403-113B-4100-8BD4-90E1927E6648",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF73937-BCE2-4BEF-B4B0-83212DA4A6C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DDB1E60-C2A9-4570-BE80-F3D478A53738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9841799A-87E2-46AE-807A-824981EAB35A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.4c:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CEF022B-271F-4017-B74B-82748D5EBA01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B2902D8-3A7B-4C47-9BC6-8CA4C580A346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "8871B890-78F4-4D9D-AEFF-6A393493C51E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.5b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E489AC5-A445-44FF-AA85-F0915577384E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "917BA05C-2A18-4C68-B508-85C2B5A94416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6B707B-4543-41F1-83DF-49A93BF56FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC8F611B-D347-4A21-90E6-56CF4D8A35A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9A92CE4-B4B0-4C14-AE11-8DFE511406F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "274E3E6F-4280-4EAE-B102-1BE57FE1F1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.4.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B52A51-51DB-4A12-AB1D-8D9605226599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "938B0720-8CA7-43BA-9708-5CE9EC7A565A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BE7166-DBD3-4CE6-A14A-725FE896B85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B5244CD-ECFA-4CCD-B611-C5A59368C5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.5.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDEDC7A0-D031-433B-ABF5-4EC0A43D80CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DE62C4B-7C06-4907-BADE-416C1618D2D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1.z:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7E7D26-3144-48B6-B236-05136CD38157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C60DF3F-DBD9-4BBF-812E-4BB0C47BDF3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1w:*:*:*:*:*:*:*",
              "matchCriteriaId": "26FEE2E2-DD85-4006-8895-0BDA04E8EE4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1x:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CD237B-2843-4D37-87D7-AE6D1A53458A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1y:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B80614B-6362-45F0-B305-2F137B053DCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.1z1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB7966A0-D84D-47F7-AED9-D041BCDA6703",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D19D8C-FACF-49B4-BA99-CC3A3FDADAFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B78942C-BEE1-4D18-9075-8E1D991BF621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B306D35-4A13-4D23-8EC2-D000E8ADCDA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F21093D-1036-4F6B-B90F-ACE1EF99EA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "280D24C6-A2BF-46E8-B512-6A3FA7833922",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "38B87B17-C653-40AC-8AE4-066BB1123C88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "9012A66E-82C4-4ACF-A4BB-37EC54B87B50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C945710-7DC3-43D9-9FBE-F2A1B8666C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "849C6FF1-F7C0-4021-BCA2-A791C87E4F37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7592C7E3-3735-425F-A276-9EE03224CD5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.8.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "1103BE75-EB64-4A9A-801E-EDE6A1F861F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C2129-8149-4362-827C-A5494C9D398B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7452C7E9-6241-42C5-9A7F-13C0BD38A2B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1w:*:*:*:*:*:*:*",
              "matchCriteriaId": "38C48FC4-5362-4B61-8B8C-7CAFFB81045E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1x:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC43383-DF99-4D38-A220-0A202623B36A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1x1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7E6CD08-EC7E-42C1-B2C2-CA5E154545A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.1y:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE62DC68-E882-49E7-AAD2-2F73637FFB4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D197445E-EC12-429C-BDD4-F63FA5C1B3E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD27DF50-9E81-4EC5-BA73-513F1DFB972C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.9.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A099C9-0C81-4819-BE4A-FE59144C55BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "42FAEC29-D754-49D6-85F1-F5DDFAF6E80F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCE76032-948F-444F-BA5D-72A34D1CD382",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.10.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A965A2A-129C-45C3-BCB1-2860F583D020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:17.91w:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAD1C8C-765D-47C4-BAD0-5C2B67460DC4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9105ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C76DACE3-7D3B-4FE6-8567-0C9D43FF7A7E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F93DF4-67DB-4B30-AC22-60C67DF32DB2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59C77B06-3C22-4092-AAAB-DB099A0B16A6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E2B891-4F41-4D0D-BAA2-0256C0565BDE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE4C56A6-E843-498A-A17B-D3D1B01E70E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F050F416-44C3-474C-9002-321A33F288D6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9117ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8798F4-35BB-4F81-9385-B0274BFAAF15",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A699C5C-CD03-4263-952F-5074B470F20E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5889AFA2-752E-4EDD-A837-5C003025B25C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D41CFE-784B-40EE-9431-8097428E5892",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D148A27-85B6-4883-96B5-343C8D32F23B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "735CA950-672C-4787-8910-48AD07868FDE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9124ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53852300-C1D2-4F84-B8DA-4EDBCB374075",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E987C945-4D6D-4BE5-B6F0-784B7E821D11",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B434C6D7-F583-4D2B-9275-38A5EC4ECC30",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130ax:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CADEB5A-5147-4420-A825-BAB07BD60AA2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EC1F736-6240-4FA2-9FEC-D8798C9D287C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "169E5354-07EA-4639-AB4B-20D2B9DE784C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0972076B-5C87-44B3-90EC-4C200B89318A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3765B3DB-8B1B-46EF-AF7D-ED1EB2079C3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "74AED057-2458-4DE0-8D51-ABD766D07F68",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19538C03-5FB8-4401-8B21-489C629D7E7D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B26D7061-F471-4DF0-A892-ED132958B84A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "033ED443-80E7-4012-9825-07AAC0D44B96",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD3F3CC6-A349-47B1-B282-B6458683C191",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB24EF21-1C10-48A7-BC68-FFC842A28D12",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED0625A2-BF14-4552-83D8-AEE0A04EA023",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0D6ED6-AE64-4E20-B9CD-3EAA22709CFF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21AFDC0D-7629-424E-827B-C8A8767324C3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A263CFF2-A659-405B-90EA-51E49B25C6D3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48p-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEFBD449-217D-4569-99F7-D56B853A3E07",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ED668FC-D1A5-4175-A234-23760BA6E788",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48s-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D650C48-9241-42F7-87A9-20733329489A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED16A65-9AFF-4825-95D1-162FBA0F566D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48t-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D345E7-8208-41AC-B11A-4425D29E98A1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E386D461-F1C1-4970-B056-D6119E74D449",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48u-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "99F3A466-F665-4132-ABC4-2DFC0A7E2B55",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3395168-FF2E-4CB6-AABE-5E36DEB241CA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48un-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F525CBC-1CE6-4CAB-B1C1-DFA7EA462EF0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "226F985C-4669-4D0A-9DB4-CB1465B37B02",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B736A43-6F4E-40A9-84E4-D9E251489234",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2FF888F-46F5-4A79-BB88-BB2EC2D27E24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26437DA7-2EFE-4CA2-8DB0-9FECBEFAE4EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99CA124-7D86-463B-A31E-A7836B7493E6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E014B028-8DD9-428C-B705-8F428F145932",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C44229-A842-49B2-AD3E-79C83DB63EBE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D56D21F-0F55-4AB1-AB9B-8EAE08F4BEDA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C0441D-A7AC-4B4E-970A-3A441C2F66B0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5306E847-C718-4C83-9C97-8AB498DC4A88",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "18287CEF-B574-4498-A256-567CA6E6CA7C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E9AAA2C-495E-4FD1-9050-264FDC25254B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5713043E-2535-4540-B3EF-41FAC40BECE9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C0C18E5-45B9-49D2-A4AB-DD8D5CB04C5C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67701D77-8B03-446A-AE22-4B8CCCD6F029",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0BEAE3-2056-4B7B-8D7C-AEE3DC86CC2A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "831A2390-7170-4FC0-A95E-3DAB1791017D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F788CBC4-782F-4A43-AC80-4AEF1C43A22D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "493989DC-8F1B-45C9-AD11-38B97B958C9C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300l_stack:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "419ABFB5-2C27-4EBE-98EF-8A8B718CD1F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300lm:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA0DBB2E-DB15-47E1-B8F2-3AC0B1197C5F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9300x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F168FB20-0C44-4A5B-910A-04B9517545C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "737F22AB-C5A9-4A18-BA3D-38A222491397",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9407r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5508320-8318-41A8-8026-4A61907C1CD7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9410r:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAD337D8-8C72-4025-A8C3-E63598DE7BDB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "176ACF88-6112-4179-8492-50C50577B300",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9500h:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D07FC868-0B38-4F24-BA40-87966FF80AB7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A48E6CF0-7A3B-4D11-8D02-0CD38F2420E9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9ED0E5-CB20-4106-9CF2-8EB587B33543",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B0E620C-8E09-4F7C-A326-26013173B993",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF93F1C8-669F-4ECB-8D81-ECDA7B550175",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E0BA345-B7D7-4975-9199-4DC7875BBFD0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E9EA95F-4E39-4D9C-8A84-D1F6014A4A40",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA0BC769-C244-41BD-BE80-E67F4E1CDDA4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.\r\n\r Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de usuario web del software Cisco IOS XE podr\u00eda permitir que un atacante remoto autenticado realice un ataque de inyecci\u00f3n contra un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando datos manipulados a la interfaz de usuario web. Un exploit exitoso podr\u00eda permitir al atacante ejecutar comandos arbitrarios al CLI del Cisco IOS XE con privilegios de nivel 15. Nota: Esta vulnerabilidad solo se puede explotar si el atacante obtiene las credenciales de una cuenta de Lobby Ambassador. Esta cuenta no est\u00e1 configurada de forma predeterminada."
    }
  ],
  "id": "CVE-2023-20231",
  "lastModified": "2024-11-21T07:40:57.000",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-27T18:15:11.430",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2023-20231

Vulnerability from cvelistv5

Published

2023-09-27 17:19

Modified

2024-10-24 16:43

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

▼	URL	Tags
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IOS XE Software	Version: 16.12.8 Version: 16.12.4 Version: 16.12.4a Version: 16.12.5 Version: 16.12.6 Version: 16.12.5a Version: 16.12.5b Version: 16.12.6a Version: 16.12.7 Version: 16.12.9 Version: 17.2.2 Version: 17.2.3 Version: 17.3.1 Version: 17.3.2 Version: 17.3.3 Version: 17.3.1a Version: 17.3.1w Version: 17.3.2a Version: 17.3.1x Version: 17.3.1z Version: 17.3.4 Version: 17.3.5 Version: 17.3.4a Version: 17.3.6 Version: 17.3.4b Version: 17.3.4c Version: 17.3.5a Version: 17.3.5b Version: 17.4.1 Version: 17.4.2 Version: 17.4.1a Version: 17.4.1b Version: 17.4.2a Version: 17.5.1 Version: 17.5.1a Version: 17.5.1b Version: 17.5.1c Version: 17.6.1 Version: 17.6.2 Version: 17.6.1w Version: 17.6.1a Version: 17.6.1x Version: 17.6.3 Version: 17.6.1y Version: 17.6.1z Version: 17.6.3a Version: 17.6.4 Version: 17.6.1z1 Version: 17.6.5 Version: 17.6.5a Version: 17.7.1 Version: 17.7.1a Version: 17.7.1b Version: 17.7.2 Version: 17.10.1 Version: 17.10.1a Version: 17.10.1b Version: 17.8.1 Version: 17.8.1a Version: 17.9.1 Version: 17.9.1w Version: 17.9.2 Version: 17.9.1a Version: 17.9.1x Version: 17.9.1y Version: 17.9.2a Version: 17.9.1x1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.687Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-webui-cmdij-FzZAeXAy",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:ios_xe_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ios_xe_software",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "16.12.9",
                "status": "affected",
                "version": "16.12.4",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "17.10.1b",
                "status": "affected",
                "version": "17.2.2",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20231",
                "options": [
                  {
                    "Exploitation": "None"
                  },
                  {
                    "Automatable": "No"
                  },
                  {
                    "Technical Impact": "Total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2023-11-15T16:37:40.087205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-24T16:43:47.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IOS XE Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "16.12.8"
            },
            {
              "status": "affected",
              "version": "16.12.4"
            },
            {
              "status": "affected",
              "version": "16.12.4a"
            },
            {
              "status": "affected",
              "version": "16.12.5"
            },
            {
              "status": "affected",
              "version": "16.12.6"
            },
            {
              "status": "affected",
              "version": "16.12.5a"
            },
            {
              "status": "affected",
              "version": "16.12.5b"
            },
            {
              "status": "affected",
              "version": "16.12.6a"
            },
            {
              "status": "affected",
              "version": "16.12.7"
            },
            {
              "status": "affected",
              "version": "16.12.9"
            },
            {
              "status": "affected",
              "version": "17.2.2"
            },
            {
              "status": "affected",
              "version": "17.2.3"
            },
            {
              "status": "affected",
              "version": "17.3.1"
            },
            {
              "status": "affected",
              "version": "17.3.2"
            },
            {
              "status": "affected",
              "version": "17.3.3"
            },
            {
              "status": "affected",
              "version": "17.3.1a"
            },
            {
              "status": "affected",
              "version": "17.3.1w"
            },
            {
              "status": "affected",
              "version": "17.3.2a"
            },
            {
              "status": "affected",
              "version": "17.3.1x"
            },
            {
              "status": "affected",
              "version": "17.3.1z"
            },
            {
              "status": "affected",
              "version": "17.3.4"
            },
            {
              "status": "affected",
              "version": "17.3.5"
            },
            {
              "status": "affected",
              "version": "17.3.4a"
            },
            {
              "status": "affected",
              "version": "17.3.6"
            },
            {
              "status": "affected",
              "version": "17.3.4b"
            },
            {
              "status": "affected",
              "version": "17.3.4c"
            },
            {
              "status": "affected",
              "version": "17.3.5a"
            },
            {
              "status": "affected",
              "version": "17.3.5b"
            },
            {
              "status": "affected",
              "version": "17.4.1"
            },
            {
              "status": "affected",
              "version": "17.4.2"
            },
            {
              "status": "affected",
              "version": "17.4.1a"
            },
            {
              "status": "affected",
              "version": "17.4.1b"
            },
            {
              "status": "affected",
              "version": "17.4.2a"
            },
            {
              "status": "affected",
              "version": "17.5.1"
            },
            {
              "status": "affected",
              "version": "17.5.1a"
            },
            {
              "status": "affected",
              "version": "17.5.1b"
            },
            {
              "status": "affected",
              "version": "17.5.1c"
            },
            {
              "status": "affected",
              "version": "17.6.1"
            },
            {
              "status": "affected",
              "version": "17.6.2"
            },
            {
              "status": "affected",
              "version": "17.6.1w"
            },
            {
              "status": "affected",
              "version": "17.6.1a"
            },
            {
              "status": "affected",
              "version": "17.6.1x"
            },
            {
              "status": "affected",
              "version": "17.6.3"
            },
            {
              "status": "affected",
              "version": "17.6.1y"
            },
            {
              "status": "affected",
              "version": "17.6.1z"
            },
            {
              "status": "affected",
              "version": "17.6.3a"
            },
            {
              "status": "affected",
              "version": "17.6.4"
            },
            {
              "status": "affected",
              "version": "17.6.1z1"
            },
            {
              "status": "affected",
              "version": "17.6.5"
            },
            {
              "status": "affected",
              "version": "17.6.5a"
            },
            {
              "status": "affected",
              "version": "17.7.1"
            },
            {
              "status": "affected",
              "version": "17.7.1a"
            },
            {
              "status": "affected",
              "version": "17.7.1b"
            },
            {
              "status": "affected",
              "version": "17.7.2"
            },
            {
              "status": "affected",
              "version": "17.10.1"
            },
            {
              "status": "affected",
              "version": "17.10.1a"
            },
            {
              "status": "affected",
              "version": "17.10.1b"
            },
            {
              "status": "affected",
              "version": "17.8.1"
            },
            {
              "status": "affected",
              "version": "17.8.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1"
            },
            {
              "status": "affected",
              "version": "17.9.1w"
            },
            {
              "status": "affected",
              "version": "17.9.2"
            },
            {
              "status": "affected",
              "version": "17.9.1a"
            },
            {
              "status": "affected",
              "version": "17.9.1x"
            },
            {
              "status": "affected",
              "version": "17.9.1y"
            },
            {
              "status": "affected",
              "version": "17.9.2a"
            },
            {
              "status": "affected",
              "version": "17.9.1x1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.\r\n\r Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:26.549Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-webui-cmdij-FzZAeXAy",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy"
        }
      ],
      "source": {
        "advisory": "cisco-sa-webui-cmdij-FzZAeXAy",
        "defects": [
          "CSCwe12578"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20231",
    "datePublished": "2023-09-27T17:19:17.664Z",
    "dateReserved": "2022-10-27T18:47:50.369Z",
    "dateUpdated": "2024-10-24T16:43:47.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted