CVE-2023-20029 — Vulnetix

CVE-2023-20029 PUBLISHED CVSS 4.400000095367432 MEDIUM

A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root.

EPSS 0.04% · 12.5th percentile

Risk Scores

CVSS 3.1

4.400000095367432

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

EPSS Score

0.04%

12.5th percentile

Affected Products

Vendor	Product	Versions
cisco	ios_xe	17.8.1, 17.7.1
Cisco	Cisco IOS XE Software	n/a

Exploit Intelligence

20230322 Cisco IOS XE Software Privilege Escalation Vulnerability (circl)

Timeline

Mar 23, 2023 CVE Published
Mar 24, 2023 EPSS Score
May 1, 2023 EPSS Score
Jun 9, 2023 EPSS Score
Jul 17, 2023 EPSS Score
Aug 25, 2023 EPSS Score
Oct 2, 2023 EPSS Score
Nov 9, 2023 EPSS Score
Dec 18, 2023 EPSS Score
Jan 25, 2024 EPSS Score
Mar 3, 2024 EPSS Score
Apr 11, 2024 EPSS Score

References

20230322 Cisco IOS XE Software Privilege Escalation Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-20029 advisory

Open in Interactive Console →