CVE-2023-20253

CVE-2023-20253 · PUBLISHED · CVSS 7.1 HIGH

A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the CLI management interface of an affected system. An attacker with low-privilege (read-only) access to the CLI could exploit this vulnerability by sending a request to roll back the configuration on other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration on other controllers and devices managed by an affected system.

EPSS 0.00% · 0.3th percentile

Risk Scores

CVSS 3.1: 7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score: 0.00% · 0.3th percentile

Affected Products

Vendor | Product | Versions
cisco | sd-wan_vmanage | 0, 20.10
Cisco | Cisco SD-WAN vManage | 17.2.6, 17.2.7, 17.2.8
cisco | catalyst_sd-wan_manager | 20.7, 20.8, 20.9

Exploit Intelligence

Timeline

  • Sep 27, 2023 CVE Published
  • Sep 28, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
  • Dec 1, 2023 EPSS Score
  • Jan 2, 2024 EPSS Score
  • Feb 3, 2024 EPSS Score
  • Mar 5, 2024 EPSS Score
  • Apr 6, 2024 EPSS Score
  • May 8, 2024 EPSS Score
  • Jun 9, 2024 EPSS Score
  • Jul 11, 2024 EPSS Score
  • Aug 2, 2024 CVE Updated