Cisco SD-WAN vManage Elasticsearch Config DB RCE via Static Credentials
CVE-2023-20034 Published on September 27, 2023
A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability.
Vulnerability Analysis
CVE-2023-20034 is exploitable with network access and requires neither privileges nor user interaction. Attack complexity is considered low. A successful exploit is considered to have a high impact on confidentiality, with no impact on integrity or availability.
Weakness Type
Use of Hard-coded Credentials
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
Products Associated with CVE-2023-20034
Affected Versions
Cisco SD-WAN vManage:
- Version 17.2.6 is affected.
- Version 17.2.7 is affected.
- Version 17.2.8 is affected.
- Version 17.2.9 is affected.
- Version 17.2.10 is affected.
- Version 17.2.4 is affected.
- Version 17.2.5 is affected.
- Version 18.3.1.1 is affected.
- Version 18.3.3.1 is affected.
- Version 18.3.3 is affected.
- Version 18.3.4 is affected.
- Version 18.3.5 is affected.
- Version 18.3.7 is affected.
- Version 18.3.8 is affected.
- Version 18.3.6.1 is affected.
- Version 18.3.1 is affected.
- Version 18.3.0 is affected.
- Version 18.4.0.1 is affected.
- Version 18.4.3 is affected.
- Version 18.4.302 is affected.
- Version 18.4.303 is affected.
- Version 18.4.4 is affected.
- Version 18.4.5 is affected.
- Version 18.4.0 is affected.
- Version 18.4.1 is affected.
- Version 18.4.6 is affected.
- Version 19.2.0 is affected.
- Version 19.2.097 is affected.
- Version 19.2.099 is affected.
- Version 19.2.1 is affected.
- Version 19.2.2 is affected.
- Version 19.2.3 is affected.
- Version 19.2.31 is affected.
- Version 19.2.929 is affected.
- Version 19.2.4 is affected.
- Version 20.1.1.1 is affected.
- Version 20.1.12 is affected.
- Version 20.1.1 is affected.
- Version 20.1.2 is affected.
- Version 20.1.3 is affected.
- Version 19.3.0 is affected.
- Version 19.1.0 is affected.
- Version 18.2.0 is affected.
- Version 20.3.1 is affected.
- Version 20.3.2 is affected.
- Version 20.3.2.1 is affected.
- Version 20.3.3 is affected.
- Version 20.3.3.1 is affected.
- Version 20.4.1 is affected.
- Version 20.4.1.1 is affected.
- Version 20.4.1.2 is affected.
- Version 20.4.2 is affected.
- Version 20.4.2.2 is affected.
- Version 20.4.2.1 is affected.
- Version 20.4.2.3 is affected.
- Version 20.5.1 is affected.
- Version 20.5.1.2 is affected.
- Version 20.5.1.1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.