VDB

CVE-2023-20179

CVE-2023-20179 PUBLISHED CVSS 4.300000190734863 MEDIUM

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.

EPSS 0.08% · 23.9th percentile

Risk Scores

CVSS 3.1
4.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.08%
23.9th percentile

Affected Products

VendorProductVersions
ciscosd-wan_vmanage0, 20.7
CiscoCisco SD-WAN vManage20.3.1, 20.3.2, 20.3.2.1

Exploit Intelligence

Timeline

  • Sep 27, 2023 CVE Published
  • Sep 28, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
  • Dec 1, 2023 EPSS Score
  • Jan 2, 2024 EPSS Score
  • Feb 3, 2024 EPSS Score
  • Mar 5, 2024 EPSS Score
  • Apr 6, 2024 EPSS Score
  • May 8, 2024 EPSS Score
  • Jun 9, 2024 EPSS Score
  • Jul 11, 2024 EPSS Score
  • Aug 12, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›