
CVE-2023-20252

CVE-2023-20252 PUBLISHED CVSS 9.8 CRITICAL

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

EPSS 1.00% · 77.4th percentile

Risk Scores

CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
1.00%
77.4th percentile

Affected Products

Vendor | Product | Versions
cisco | catalyst_sd-wan_manager | 20.9.3.2, 20.11.1.2
Cisco | Cisco SD-WAN vManage | 20.9.3.2, 20.11.1.2

Exploit Intelligence

Timeline

  • Sep 27, 2023 CVE Published
  • Sep 28, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
  • Dec 1, 2023 EPSS Score
  • Jan 2, 2024 EPSS Score
  • Mar 5, 2024 EPSS Score
  • Apr 6, 2024 EPSS Score
  • May 8, 2024 EPSS Score
  • Jun 9, 2024 EPSS Score
  • Jul 11, 2024 EPSS Score
  • Aug 12, 2024 EPSS Score
  • Sep 13, 2024 EPSS Score