VDB

CVE-2023-20262

CVE-2023-20262 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service.

EPSS 0.32% · 55.7th percentile

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
0.32%
55.7th percentile

Affected Products

VendorProductVersions
CiscoCisco SD-WAN Solution20.3.3.1, 17.2.5, 17.2.6
ciscosd-wan_vmanage0, 20.10, 20.12
CiscoCisco SD-WAN vManage17.2.9, 17.2.10, 17.2.4
ciscocatalyst_sd-wan_manager20.4
CiscoCisco SD-WAN vSmartN/A

Exploit Intelligence

Timeline

  • Sep 27, 2023 CVE Published
  • Sep 28, 2023 EPSS Score
  • Oct 30, 2023 EPSS Score
  • Dec 1, 2023 EPSS Score
  • Jan 2, 2024 EPSS Score
  • Feb 3, 2024 EPSS Score
  • Mar 5, 2024 EPSS Score
  • Apr 6, 2024 EPSS Score
  • May 8, 2024 EPSS Score
  • Jul 11, 2024 EPSS Score
  • Aug 2, 2024 CVE Updated
  • Aug 12, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›