gsd-2023-20273
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Aliases
{ GSD: { alias: "CVE-2023-20273", id: "GSD-2023-20273", }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2023-20273", ], details: "A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.", id: "GSD-2023-20273", modified: "2023-12-13T01:20:29.338522Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "psirt@cisco.com", ID: "CVE-2023-20273", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Cisco IOS XE Software", version: { version_data: [ { version_affected: "=", version_value: "16.1.1", }, { version_affected: "=", version_value: "16.1.2", }, { version_affected: "=", version_value: "16.1.3", }, { version_affected: "=", version_value: "16.2.1", }, { version_affected: "=", version_value: "16.2.2", }, { version_affected: "=", version_value: "16.3.1", }, { version_affected: "=", version_value: "16.3.2", }, { version_affected: "=", version_value: "16.3.3", }, { version_affected: "=", version_value: "16.3.1a", }, { version_affected: "=", version_value: "16.3.4", }, { version_affected: "=", version_value: "16.3.5", }, { version_affected: "=", version_value: "16.3.5b", }, { version_affected: "=", version_value: "16.3.6", }, { version_affected: "=", version_value: "16.3.7", }, { version_affected: "=", version_value: "16.3.8", }, { version_affected: "=", version_value: "16.3.9", }, { version_affected: "=", version_value: "16.3.10", }, { version_affected: "=", version_value: "16.3.11", }, { version_affected: "=", 
version_value: "16.4.1", }, { version_affected: "=", version_value: "16.4.2", }, { version_affected: "=", version_value: "16.4.3", }, { version_affected: "=", version_value: "16.5.1", }, { version_affected: "=", version_value: "16.5.1a", }, { version_affected: "=", version_value: "16.5.1b", }, { version_affected: "=", version_value: "16.5.2", }, { version_affected: "=", version_value: "16.5.3", }, { version_affected: "=", version_value: "16.6.1", }, { version_affected: "=", version_value: "16.6.2", }, { version_affected: "=", version_value: "16.6.3", }, { version_affected: "=", version_value: "16.6.4", }, { version_affected: "=", version_value: "16.6.5", }, { version_affected: "=", version_value: "16.6.4a", }, { version_affected: "=", version_value: "16.6.5a", }, { version_affected: "=", version_value: "16.6.6", }, { version_affected: "=", version_value: "16.6.7", }, { version_affected: "=", version_value: "16.6.8", }, { version_affected: "=", version_value: "16.6.9", }, { version_affected: "=", version_value: "16.6.10", }, { version_affected: "=", version_value: "16.7.1", }, { version_affected: "=", version_value: "16.7.1a", }, { version_affected: "=", version_value: "16.7.1b", }, { version_affected: "=", version_value: "16.7.2", }, { version_affected: "=", version_value: "16.7.3", }, { version_affected: "=", version_value: "16.7.4", }, { version_affected: "=", version_value: "16.8.1", }, { version_affected: "=", version_value: "16.8.1a", }, { version_affected: "=", version_value: "16.8.1b", }, { version_affected: "=", version_value: "16.8.1s", }, { version_affected: "=", version_value: "16.8.1c", }, { version_affected: "=", version_value: "16.8.1d", }, { version_affected: "=", version_value: "16.8.2", }, { version_affected: "=", version_value: "16.8.1e", }, { version_affected: "=", version_value: "16.8.3", }, { version_affected: "=", version_value: "16.9.1", }, { version_affected: "=", version_value: "16.9.2", }, { version_affected: "=", version_value: "16.9.1a", 
}, { version_affected: "=", version_value: "16.9.1b", }, { version_affected: "=", version_value: "16.9.1s", }, { version_affected: "=", version_value: "16.9.3", }, { version_affected: "=", version_value: "16.9.4", }, { version_affected: "=", version_value: "16.9.3a", }, { version_affected: "=", version_value: "16.9.5", }, { version_affected: "=", version_value: "16.9.5f", }, { version_affected: "=", version_value: "16.9.6", }, { version_affected: "=", version_value: "16.9.7", }, { version_affected: "=", version_value: "16.9.8", }, { version_affected: "=", version_value: "16.10.1", }, { version_affected: "=", version_value: "16.10.1a", }, { version_affected: "=", version_value: "16.10.1b", }, { version_affected: "=", version_value: "16.10.1s", }, { version_affected: "=", version_value: "16.10.1c", }, { version_affected: "=", version_value: "16.10.1e", }, { version_affected: "=", version_value: "16.10.1d", }, { version_affected: "=", version_value: "16.10.2", }, { version_affected: "=", version_value: "16.10.1f", }, { version_affected: "=", version_value: "16.10.1g", }, { version_affected: "=", version_value: "16.10.3", }, { version_affected: "=", version_value: "16.11.1", }, { version_affected: "=", version_value: "16.11.1a", }, { version_affected: "=", version_value: "16.11.1b", }, { version_affected: "=", version_value: "16.11.2", }, { version_affected: "=", version_value: "16.11.1s", }, { version_affected: "=", version_value: "16.12.1", }, { version_affected: "=", version_value: "16.12.1s", }, { version_affected: "=", version_value: "16.12.1a", }, { version_affected: "=", version_value: "16.12.1c", }, { version_affected: "=", version_value: "16.12.1w", }, { version_affected: "=", version_value: "16.12.2", }, { version_affected: "=", version_value: "16.12.1y", }, { version_affected: "=", version_value: "16.12.2a", }, { version_affected: "=", version_value: "16.12.3", }, { version_affected: "=", version_value: "16.12.8", }, { version_affected: "=", version_value: 
"16.12.2s", }, { version_affected: "=", version_value: "16.12.1x", }, { version_affected: "=", version_value: "16.12.1t", }, { version_affected: "=", version_value: "16.12.4", }, { version_affected: "=", version_value: "16.12.3s", }, { version_affected: "=", version_value: "16.12.3a", }, { version_affected: "=", version_value: "16.12.4a", }, { version_affected: "=", version_value: "16.12.5", }, { version_affected: "=", version_value: "16.12.6", }, { version_affected: "=", version_value: "16.12.1z1", }, { version_affected: "=", version_value: "16.12.5a", }, { version_affected: "=", version_value: "16.12.5b", }, { version_affected: "=", version_value: "16.12.1z2", }, { version_affected: "=", version_value: "16.12.6a", }, { version_affected: "=", version_value: "16.12.7", }, { version_affected: "=", version_value: "16.12.9", }, { version_affected: "=", version_value: "16.12.10", }, { version_affected: "=", version_value: "17.1.1", }, { version_affected: "=", version_value: "17.1.1a", }, { version_affected: "=", version_value: "17.1.1s", }, { version_affected: "=", version_value: "17.1.1t", }, { version_affected: "=", version_value: "17.1.3", }, { version_affected: "=", version_value: "17.2.1", }, { version_affected: "=", version_value: "17.2.1r", }, { version_affected: "=", version_value: "17.2.1a", }, { version_affected: "=", version_value: "17.2.1v", }, { version_affected: "=", version_value: "17.2.2", }, { version_affected: "=", version_value: "17.2.3", }, { version_affected: "=", version_value: "17.3.1", }, { version_affected: "=", version_value: "17.3.2", }, { version_affected: "=", version_value: "17.3.3", }, { version_affected: "=", version_value: "17.3.1a", }, { version_affected: "=", version_value: "17.3.1w", }, { version_affected: "=", version_value: "17.3.2a", }, { version_affected: "=", version_value: "17.3.1x", }, { version_affected: "=", version_value: "17.3.1z", }, { version_affected: "=", version_value: "17.3.4", }, { version_affected: "=", 
version_value: "17.3.5", }, { version_affected: "=", version_value: "17.3.4a", }, { version_affected: "=", version_value: "17.3.6", }, { version_affected: "=", version_value: "17.3.4b", }, { version_affected: "=", version_value: "17.3.4c", }, { version_affected: "=", version_value: "17.3.5a", }, { version_affected: "=", version_value: "17.3.5b", }, { version_affected: "=", version_value: "17.3.7", }, { version_affected: "=", version_value: "17.3.8", }, { version_affected: "=", version_value: "17.4.1", }, { version_affected: "=", version_value: "17.4.2", }, { version_affected: "=", version_value: "17.4.1a", }, { version_affected: "=", version_value: "17.4.1b", }, { version_affected: "=", version_value: "17.4.2a", }, { version_affected: "=", version_value: "17.5.1", }, { version_affected: "=", version_value: "17.5.1a", }, { version_affected: "=", version_value: "17.5.1b", }, { version_affected: "=", version_value: "17.5.1c", }, { version_affected: "=", version_value: "17.6.1", }, { version_affected: "=", version_value: "17.6.2", }, { version_affected: "=", version_value: "17.6.1w", }, { version_affected: "=", version_value: "17.6.1a", }, { version_affected: "=", version_value: "17.6.1x", }, { version_affected: "=", version_value: "17.6.3", }, { version_affected: "=", version_value: "17.6.1y", }, { version_affected: "=", version_value: "17.6.1z", }, { version_affected: "=", version_value: "17.6.3a", }, { version_affected: "=", version_value: "17.6.4", }, { version_affected: "=", version_value: "17.6.1z1", }, { version_affected: "=", version_value: "17.6.5", }, { version_affected: "=", version_value: "17.6.6", }, { version_affected: "=", version_value: "17.7.1", }, { version_affected: "=", version_value: "17.7.1a", }, { version_affected: "=", version_value: "17.7.1b", }, { version_affected: "=", version_value: "17.7.2", }, { version_affected: "=", version_value: "17.10.1", }, { version_affected: "=", version_value: "17.10.1a", }, { version_affected: "=", version_value: 
"17.10.1b", }, { version_affected: "=", version_value: "17.8.1", }, { version_affected: "=", version_value: "17.8.1a", }, { version_affected: "=", version_value: "17.9.1", }, { version_affected: "=", version_value: "17.9.1w", }, { version_affected: "=", version_value: "17.9.2", }, { version_affected: "=", version_value: "17.9.1a", }, { version_affected: "=", version_value: "17.9.1x", }, { version_affected: "=", version_value: "17.9.1y", }, { version_affected: "=", version_value: "17.9.3", }, { version_affected: "=", version_value: "17.9.2a", }, { version_affected: "=", version_value: "17.9.1x1", }, { version_affected: "=", version_value: "17.9.3a", }, { version_affected: "=", version_value: "17.9.4", }, { version_affected: "=", version_value: "17.9.1y1", }, { version_affected: "=", version_value: "17.11.1", }, { version_affected: "=", version_value: "17.11.1a", }, { version_affected: "=", version_value: "17.12.1", }, { version_affected: "=", version_value: "17.12.1a", }, { version_affected: "=", version_value: "17.11.99SW", }, ], }, }, ], }, vendor_name: "Cisco", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. 
A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.", }, ], }, exploit: [ { lang: "en", value: "Cisco is aware of active exploitation of these vulnerabilities.", }, ], impact: { cvss: [ { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-78", lang: "eng", value: "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", }, ], }, ], }, references: { reference_data: [ { name: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z", refsource: "MISC", url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z", }, ], }, source: { advisory: "cisco-sa-iosxe-webui-privesc-j22SaA4z", defects: [ "CSCwh87343", ], discovery: "EXTERNAL", }, }, "nvd.nist.gov": { cve: { cisaActionDue: "2023-10-27", cisaExploitAdd: "2023-10-23", cisaRequiredAction: "Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. 
For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.", cisaVulnerabilityName: "Cisco IOS XE Web UI Command Injection Vulnerability", configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", matchCriteriaId: "BEA2169A-BE52-48B4-8967-D99A4BCAFF58", versionEndExcluding: "17.3.8a", versionStartIncluding: "17.3", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", matchCriteriaId: "281561C8-E24D-4AC1-B1F8-1D32171B9A2F", versionEndExcluding: "17.6.6a", versionStartIncluding: "17.6", vulnerable: true, }, { criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", matchCriteriaId: "B628DA7F-32AA-459B-95A6-AF3BFC0E765C", versionEndExcluding: "17.9.4a", versionStartIncluding: "17.9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", matchCriteriaId: "2C8A350D-6C3A-430F-9763-5D167C5CEAE5", versionEndExcluding: "16.12.10a", versionStartIncluding: "16.12", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:cisco:catalyst_3650:-:*:*:*:*:*:*:*", matchCriteriaId: "7814FA61-CAF1-46DE-9D84-CEBE6480EA03", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48fd-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7EE4F60E-DF3D-4839-8731-7CF16DA8FF26", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48fd-l:-:*:*:*:*:*:*:*", matchCriteriaId: "8EA5EEE3-A084-46B4-84C0-ADFD69800649", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48fd-s:-:*:*:*:*:*:*:*", matchCriteriaId: "592F67D5-344B-49AF-A277-1089A40AC2FD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48uq:-:*:*:*:*:*:*:*", matchCriteriaId: "7434059A-25B8-4FAC-A756-6E571348B76E", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:catalyst_3650-12x48uq-e:-:*:*:*:*:*:*:*", matchCriteriaId: "DB2A5355-BF40-437C-8683-A7A81DEE362C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48uq-l:-:*:*:*:*:*:*:*", matchCriteriaId: "43F4B90E-3499-45D4-864D-18505E2149F2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48uq-s:-:*:*:*:*:*:*:*", matchCriteriaId: "1B9BE6BA-6B2D-47C9-B8F1-3C9CE213948D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48ur:-:*:*:*:*:*:*:*", matchCriteriaId: "858FEECF-CC69-4E68-8E8A-674643021964", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48ur-e:-:*:*:*:*:*:*:*", matchCriteriaId: "BE5FCCFF-E491-474F-9B86-AB51D8244582", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48ur-l:-:*:*:*:*:*:*:*", matchCriteriaId: "EA8464F8-D6D2-4165-ADE8-B40F7D8556C2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48ur-s:-:*:*:*:*:*:*:*", matchCriteriaId: "61007628-A81B-43E0-86DE-1F7DDAD9F1A7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48uz:-:*:*:*:*:*:*:*", matchCriteriaId: "91B9F022-4C3D-493E-9418-E9CDDAFEC9B1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48uz-e:-:*:*:*:*:*:*:*", matchCriteriaId: "2C3F03C3-C0CA-4E9B-A99A-BE28153EB5C9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48uz-l:-:*:*:*:*:*:*:*", matchCriteriaId: "B39F250E-6A89-4537-BD31-1FB81734A9A1", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-12x48uz-s:-:*:*:*:*:*:*:*", matchCriteriaId: "CB4E3B69-DDE8-4EA2-8E63-D6EEF41083B3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pd:-:*:*:*:*:*:*:*", matchCriteriaId: "8904EAF5-25E7-4A6B-8117-1859F913B83B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pd-e:-:*:*:*:*:*:*:*", matchCriteriaId: "A369CD35-1242-4556-A83D-BD69CC149CFA", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pd-l:-:*:*:*:*:*:*:*", 
matchCriteriaId: "AA2D1B9E-6234-4FD6-A003-AFBC8A4DC2E6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pd-s:-:*:*:*:*:*:*:*", matchCriteriaId: "784A1499-1F33-493D-B433-EB2550C03C19", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pdm:-:*:*:*:*:*:*:*", matchCriteriaId: "59A990D6-B748-4AFD-B924-1D19680BD3DB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pdm-e:-:*:*:*:*:*:*:*", matchCriteriaId: "CECFC88D-5480-46E4-BF74-E11A514A8BDD", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pdm-l:-:*:*:*:*:*:*:*", matchCriteriaId: "E54D16A8-0407-41E3-9599-9A6F57E1AA75", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24pdm-s:-:*:*:*:*:*:*:*", matchCriteriaId: "C94A9A21-C4F7-4EA4-95B1-DEA7DDA0F77D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24ps-e:-:*:*:*:*:*:*:*", matchCriteriaId: "DF3818CC-8653-4A9E-A57B-950A15914D6B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24ps-l:-:*:*:*:*:*:*:*", matchCriteriaId: "7EDC790B-B42D-45DB-ACF5-A789F76C2BC4", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24ps-s:-:*:*:*:*:*:*:*", matchCriteriaId: "C2A6BC84-91F2-437D-9D2E-F8B3F5966767", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24td-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7F331F13-5D05-4213-B442-D48D8E22287B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24td-l:-:*:*:*:*:*:*:*", matchCriteriaId: "A6E312F4-90DA-40E4-BCD1-92F41BEEEECF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24td-s:-:*:*:*:*:*:*:*", matchCriteriaId: "CA32EA3F-946D-430D-B00F-939D828DD72C", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24ts-e:-:*:*:*:*:*:*:*", matchCriteriaId: "D239A09C-34D2-4418-B538-03A1080B8479", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-24ts-l:-:*:*:*:*:*:*:*", matchCriteriaId: "2C84561E-DD99-4433-9EF2-083F7C300123", vulnerable: false, }, { 
criteria: "cpe:2.3:h:cisco:catalyst_3650-24ts-s:-:*:*:*:*:*:*:*", matchCriteriaId: "B29871BE-CA7D-4108-B46A-CBD539C9A2B8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fd-e:-:*:*:*:*:*:*:*", matchCriteriaId: "39CD9189-6524-4157-B90E-FF6A81DE3599", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fd-l:-:*:*:*:*:*:*:*", matchCriteriaId: "2CF1B702-643A-4AF2-B0AD-3C540CF85F2A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fd-s:-:*:*:*:*:*:*:*", matchCriteriaId: "96269625-CB31-4850-872B-B2C1321B13B6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fq:-:*:*:*:*:*:*:*", matchCriteriaId: "426B68A6-3A41-43DB-846F-AEFBA62E221B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fq-e:-:*:*:*:*:*:*:*", matchCriteriaId: "5BDE086A-3FE5-46E3-BD66-23D0AE5089BE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fq-l:-:*:*:*:*:*:*:*", matchCriteriaId: "FA53775A-D3ED-4D34-8338-A384DBEB94E5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fq-s:-:*:*:*:*:*:*:*", matchCriteriaId: "DE7D4522-D6BB-467F-AF5D-4D753A89D524", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fqm:-:*:*:*:*:*:*:*", matchCriteriaId: "9C96215F-A300-4B4E-9D3A-C32E484BFC5B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fqm-e:-:*:*:*:*:*:*:*", matchCriteriaId: "0C680534-C663-40B0-A4AA-7F292EE60FE2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fqm-l:-:*:*:*:*:*:*:*", matchCriteriaId: "BAF4F233-7B47-46ED-BDC5-A589BCFC0B39", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fqm-s:-:*:*:*:*:*:*:*", matchCriteriaId: "4A528EC0-4650-4787-BE52-A588E7E38A31", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fs-e:-:*:*:*:*:*:*:*", matchCriteriaId: "53898E96-03D6-43A2-AE05-46C62464BD26", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fs-l:-:*:*:*:*:*:*:*", matchCriteriaId: 
"465917E5-8BF0-4BBB-85A0-DE8F516880C9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48fs-s:-:*:*:*:*:*:*:*", matchCriteriaId: "D9FA66D9-E465-406E-A95C-608A1BE34D74", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48pd-e:-:*:*:*:*:*:*:*", matchCriteriaId: "4EFFE6E6-413F-48AC-B4CE-0F1058C48FC2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48pd-l:-:*:*:*:*:*:*:*", matchCriteriaId: "1456B204-A2A5-4790-A684-7F50D692EC9F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48pd-s:-:*:*:*:*:*:*:*", matchCriteriaId: "AD715BDD-7C74-4785-BEDF-75918F6FB37A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48pq-e:-:*:*:*:*:*:*:*", matchCriteriaId: "4CD10664-94D0-48C0-92EF-E8EA66841245", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48pq-l:-:*:*:*:*:*:*:*", matchCriteriaId: "071A47F9-FF35-4F2C-BF5D-897CAC8BC08A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48pq-s:-:*:*:*:*:*:*:*", matchCriteriaId: "9E988448-36C9-47E0-9356-DA400EB824E3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48ps-e:-:*:*:*:*:*:*:*", matchCriteriaId: "9D067EF9-00DB-4979-B12E-55749059A083", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48ps-l:-:*:*:*:*:*:*:*", matchCriteriaId: "A9FA300A-44B1-44EE-8111-C1296EB0B638", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48ps-s:-:*:*:*:*:*:*:*", matchCriteriaId: "8598A543-B30B-4BD4-9974-F432FFFDCDD7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48td-e:-:*:*:*:*:*:*:*", matchCriteriaId: "48DEBBAD-D28D-4784-BBD8-9FAD1710A919", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48td-l:-:*:*:*:*:*:*:*", matchCriteriaId: "8A5FC516-6B48-4D77-B26D-FA097AC91D1A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48td-s:-:*:*:*:*:*:*:*", matchCriteriaId: "6A7437E4-5C09-436C-AFBC-F6B6747A4339", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:catalyst_3650-48tq-e:-:*:*:*:*:*:*:*", matchCriteriaId: "ECBC0277-4990-4DE7-AD80-20E8A6F561D2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48tq-l:-:*:*:*:*:*:*:*", matchCriteriaId: "6E7DAF69-662B-4999-A6AD-AA528B53EAF7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48tq-s:-:*:*:*:*:*:*:*", matchCriteriaId: "2DF90C70-A2B8-44A4-B4A1-2A1B48AA9D0A", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48ts-e:-:*:*:*:*:*:*:*", matchCriteriaId: "D28306B1-3DDE-4444-9784-522B3D2163EE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48ts-l:-:*:*:*:*:*:*:*", matchCriteriaId: "9257D187-1F2D-40F4-8C87-78978DB56C3F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-48ts-s:-:*:*:*:*:*:*:*", matchCriteriaId: "5BF4A033-FD9E-4B98-A0FD-CF6CD9BD3E5B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-8x24pd-e:-:*:*:*:*:*:*:*", matchCriteriaId: "C4AF8261-74E0-4F53-B82C-A7BA7559D7CB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-8x24pd-l:-:*:*:*:*:*:*:*", matchCriteriaId: "25AE251E-E99F-4546-85B0-C57834B040B7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-8x24pd-s:-:*:*:*:*:*:*:*", matchCriteriaId: "C62FFCB9-4253-459B-9298-C252DA9177DB", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-8x24uq:-:*:*:*:*:*:*:*", matchCriteriaId: "991CBDFB-6836-4D1F-80A9-14EBCE3F855F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-8x24uq-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7B4C0250-DA0D-4CEE-99F4-C211163C6653", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-8x24uq-l:-:*:*:*:*:*:*:*", matchCriteriaId: "8E18C436-AC70-4E2E-8ED2-EEADFCE36CB2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3650-8x24uq-s:-:*:*:*:*:*:*:*", matchCriteriaId: "8D453BF6-AB9F-4D47-B4DF-C25C67358FFE", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850:-:*:*:*:*:*:*:*", matchCriteriaId: 
"005F5347-A5E6-4954-ACAB-E4DF29119724", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-12s-e:-:*:*:*:*:*:*:*", matchCriteriaId: "5C2A8413-DF92-4690-8BC1-A21001BDF76B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-12s-s:-:*:*:*:*:*:*:*", matchCriteriaId: "882B8D8F-E154-45C3-BB47-5353167C9776", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-12x48u:-:*:*:*:*:*:*:*", matchCriteriaId: "C8F7FAA3-003D-4BEE-99CC-C9F75D5293FC", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-12xs-e:-:*:*:*:*:*:*:*", matchCriteriaId: "A54B4EB4-EB41-4522-B7AB-C30F96099EA3", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-12xs-s:-:*:*:*:*:*:*:*", matchCriteriaId: "EAD7BE51-0BA6-4750-B274-A6E33D32B484", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-16xs-e:-:*:*:*:*:*:*:*", matchCriteriaId: "D5B6123E-B86F-4EC8-95D6-4CE47A7D0AC2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-16xs-s:-:*:*:*:*:*:*:*", matchCriteriaId: "C2305B8A-B8F2-4AF4-A86A-EFF11541D62D", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24p-e:-:*:*:*:*:*:*:*", matchCriteriaId: "44C3EF8E-DF88-46DC-8E06-B009F346D1D2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24p-l:-:*:*:*:*:*:*:*", matchCriteriaId: "7E87F823-D924-4718-AD81-248A6C619531", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24p-s:-:*:*:*:*:*:*:*", matchCriteriaId: "0BA01B5E-9E7B-4EE6-9480-A82B753BBB82", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24pw-s:-:*:*:*:*:*:*:*", matchCriteriaId: "CCAC93E0-F982-4E37-866E-43B7BC5AC82E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24s-e:-:*:*:*:*:*:*:*", matchCriteriaId: "1FC866C9-BB98-4320-9FFA-F0960C560DA6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24s-s:-:*:*:*:*:*:*:*", matchCriteriaId: "79FB0F3E-BB66-47BB-A59F-2D4C123F9CBE", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:catalyst_3850-24t-e:-:*:*:*:*:*:*:*", matchCriteriaId: "C3AD7495-3DA2-4596-9620-CD36D7C561AC", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24t-l:-:*:*:*:*:*:*:*", matchCriteriaId: "E492F3F8-4188-41E4-9A84-5E30C4AC3378", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24t-s:-:*:*:*:*:*:*:*", matchCriteriaId: "718F2FDC-9EA4-4C4C-8821-B15E56AF8101", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24u:-:*:*:*:*:*:*:*", matchCriteriaId: "EC5CB558-BD42-4615-BC31-41CCF25DE5C9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24u-e:-:*:*:*:*:*:*:*", matchCriteriaId: "BC04072A-9BBE-4A9D-AE39-054D93E0C6D8", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24u-l:-:*:*:*:*:*:*:*", matchCriteriaId: "E45BCCD0-65BB-431F-B448-221C1595CD92", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24u-s:-:*:*:*:*:*:*:*", matchCriteriaId: "F33BA722-0680-4074-8D03-41657F8CDCC7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24xs:-:*:*:*:*:*:*:*", matchCriteriaId: "295C46B4-5E9F-4DD8-861B-00BA43923306", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24xs-e:-:*:*:*:*:*:*:*", matchCriteriaId: "431570C7-74A1-4F7E-8FD0-690AEF0F823B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24xs-s:-:*:*:*:*:*:*:*", matchCriteriaId: "C5D22E15-E1E8-4115-A55F-5743CA9C5947", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24xu:-:*:*:*:*:*:*:*", matchCriteriaId: "F840171D-CA1C-4E25-BD41-6B871C47BB84", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24xu-e:-:*:*:*:*:*:*:*", matchCriteriaId: "7B240B20-CF48-4A72-9653-9D04D59C1391", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24xu-l:-:*:*:*:*:*:*:*", matchCriteriaId: "19D6AC73-67C9-4FA2-A361-FF08B0E3AF47", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-24xu-s:-:*:*:*:*:*:*:*", matchCriteriaId: 
"58430463-EA77-4DC9-ACDE-4DCF92CA2FC7", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-32xs-e:-:*:*:*:*:*:*:*", matchCriteriaId: "74CCD143-3D6E-4880-B275-ECF5B04238C6", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-32xs-s:-:*:*:*:*:*:*:*", matchCriteriaId: "F0D3784F-C572-4A6F-83B9-BCF64D339BC9", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48f-e:-:*:*:*:*:*:*:*", matchCriteriaId: "E09C466B-CE87-4A57-B40B-88C94BAAF36B", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48f-l:-:*:*:*:*:*:*:*", matchCriteriaId: "D58FF034-8E07-4518-A858-5F16F22217E5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48f-s:-:*:*:*:*:*:*:*", matchCriteriaId: "376AD386-373D-4B24-966F-D11F76C9020F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48p-e:-:*:*:*:*:*:*:*", matchCriteriaId: "2280CAA3-03F6-4168-8E50-A6B7132A3B0E", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48p-l:-:*:*:*:*:*:*:*", matchCriteriaId: "2E0C1174-C789-4547-9899-F7FCD0905F92", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48p-s:-:*:*:*:*:*:*:*", matchCriteriaId: "EC366801-655A-403B-ACD9-3BB43802A3C5", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48pw-s:-:*:*:*:*:*:*:*", matchCriteriaId: "FF5463D0-A8D3-43EC-8CFF-F659A8C84436", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48t-e:-:*:*:*:*:*:*:*", matchCriteriaId: "1BD50BB2-BFD8-42F2-8C23-0D95187B01F2", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48t-l:-:*:*:*:*:*:*:*", matchCriteriaId: "05D4D7E4-B195-46D8-8A6B-6AA4B8357618", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48t-s:-:*:*:*:*:*:*:*", matchCriteriaId: "39600E51-4A21-4E5B-9FF9-E7C00AE86646", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48u:-:*:*:*:*:*:*:*", matchCriteriaId: "47E4D5A8-7E4A-44C5-81DC-84712781206D", vulnerable: false, }, { criteria: 
"cpe:2.3:h:cisco:catalyst_3850-48u-e:-:*:*:*:*:*:*:*", matchCriteriaId: "B13D6D50-D0FA-4527-BED3-52560DDD5253", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48u-l:-:*:*:*:*:*:*:*", matchCriteriaId: "965BF315-D833-4711-97FC-512151113367", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48u-s:-:*:*:*:*:*:*:*", matchCriteriaId: "2A0ADEBE-3DA2-4850-8115-0AC937FB0A94", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48xs:-:*:*:*:*:*:*:*", matchCriteriaId: "F8E9B149-AA2B-4421-8CC3-5A4B32B7AADF", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48xs-e:-:*:*:*:*:*:*:*", matchCriteriaId: "04072C0F-78A2-4D10-87B2-52DC2537BA89", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48xs-f-e:-:*:*:*:*:*:*:*", matchCriteriaId: "DD5C080E-D5C4-47B2-A46C-4EB3051C5221", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48xs-f-s:-:*:*:*:*:*:*:*", matchCriteriaId: "41CEBEE0-DA67-4EE5-9BCF-263843053A8F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-48xs-s:-:*:*:*:*:*:*:*", matchCriteriaId: "FD262F58-C47F-439E-A9FF-D1C60120D306", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-nm-2-40g:-:*:*:*:*:*:*:*", matchCriteriaId: "35490BDE-DF21-495E-9F8A-7631FCB32A1F", vulnerable: false, }, { criteria: "cpe:2.3:h:cisco:catalyst_3850-nm-8-10g:-:*:*:*:*:*:*:*", matchCriteriaId: "20EFB5B8-4A38-48C5-A363-3C7F7763C1D5", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], descriptions: [ { lang: "en", value: "A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. 
A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.", }, { lang: "es", value: "Una vulnerabilidad en la función de interfaz de usuario web del software Cisco IOS XE podría permitir que un atacante remoto autenticado inyecte comandos con privilegios de root. Esta vulnerabilidad se debe a una validación de entrada insuficiente. Un atacante podría aprovechar esta vulnerabilidad enviando datos manipulados a la interfaz de usuario web. Un exploit exitoso podría permitir al atacante inyectar comandos al sistema operativo subyacente con privilegios de root.", }, ], id: "CVE-2023-20273", lastModified: "2024-01-25T17:15:43.297", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.2, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "ykramarz@cisco.com", type: "Secondary", }, ], }, published: "2023-10-25T18:17:23.017", references: [ { source: "ykramarz@cisco.com", tags: [ "Vendor Advisory", ], url: "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z", }, ], sourceIdentifier: "ykramarz@cisco.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: 
"nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "ykramarz@cisco.com", type: "Secondary", }, ], }, }, }, }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.