VDB

CVE-2023-20254

CVE-2023-20254 PUBLISHED CVSS 7.199999809265137 HIGH

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.

EPSS 0.35% · 58.0th percentile

Risk Scores

CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.35%
58.0th percentile

Affected Products

VendorProductVersions
CiscoCisco SD-WAN vManage18.4.303, 20.6.3.1, 18.4.5
ciscosd-wan_manager0, 20.7, 20.10
ciscocatalyst_sd-wan_manager17.2.10

Exploit Intelligence

Timeline

  • Sep 27, 2023 CVE Published
  • Sep 28, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
  • Dec 1, 2023 EPSS Score
  • Jan 2, 2024 EPSS Score
  • Feb 3, 2024 EPSS Score
  • Mar 5, 2024 EPSS Score
  • Apr 6, 2024 EPSS Score
  • May 8, 2024 EPSS Score
  • Jun 9, 2024 EPSS Score
  • Jul 11, 2024 EPSS Score
  • Aug 12, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›