Cisco Catalyst SD-WAN Auth File Retrieval via Web UI
CVE-2023-20261 Published on October 18, 2023
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.
Vulnerability Analysis
CVE-2023-20261 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2023-20261 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2023-20261
Want to know whenever a new CVE is published for Cisco Catalyst Sd Wan Manager? stack.watch will email you.
Affected Versions
Cisco SD-WAN vManage:- Version 17.2.6 is affected.
- Version 17.2.7 is affected.
- Version 17.2.8 is affected.
- Version 17.2.9 is affected.
- Version 17.2.10 is affected.
- Version 17.2.4 is affected.
- Version 17.2.5 is affected.
- Version 18.3.1.1 is affected.
- Version 18.3.3.1 is affected.
- Version 18.3.3 is affected.
- Version 18.3.4 is affected.
- Version 18.3.5 is affected.
- Version 18.3.7 is affected.
- Version 18.3.8 is affected.
- Version 18.3.6.1 is affected.
- Version 18.3.1 is affected.
- Version 18.3.0 is affected.
- Version 18.4.0.1 is affected.
- Version 18.4.3 is affected.
- Version 18.4.302 is affected.
- Version 18.4.303 is affected.
- Version 18.4.4 is affected.
- Version 18.4.5 is affected.
- Version 18.4.0 is affected.
- Version 18.4.1 is affected.
- Version 18.4.6 is affected.
- Version 19.2.0 is affected.
- Version 19.2.097 is affected.
- Version 19.2.099 is affected.
- Version 19.2.1 is affected.
- Version 19.2.2 is affected.
- Version 19.2.3 is affected.
- Version 19.2.31 is affected.
- Version 19.2.929 is affected.
- Version 19.2.4 is affected.
- Version 20.1.1.1 is affected.
- Version 20.1.12 is affected.
- Version 20.1.1 is affected.
- Version 20.1.2 is affected.
- Version 20.1.3 is affected.
- Version 19.3.0 is affected.
- Version 19.1.0 is affected.
- Version 18.2.0 is affected.
- Version 20.3.1 is affected.
- Version 20.3.2 is affected.
- Version 20.3.2.1 is affected.
- Version 20.3.3 is affected.
- Version 20.3.3.1 is affected.
- Version 20.3.4 is affected.
- Version 20.3.4.1 is affected.
- Version 20.3.4.2 is affected.
- Version 20.3.5 is affected.
- Version 20.3.6 is affected.
- Version 20.3.7 is affected.
- Version 20.3.7.1 is affected.
- Version 20.3.4.3 is affected.
- Version 20.3.5.1 is affected.
- Version 20.3.7.2 is affected.
- Version 20.3.8 is affected.
- Version 20.4.1 is affected.
- Version 20.4.1.1 is affected.
- Version 20.4.1.2 is affected.
- Version 20.4.2 is affected.
- Version 20.4.2.2 is affected.
- Version 20.4.2.1 is affected.
- Version 20.4.2.3 is affected.
- Version 20.5.1 is affected.
- Version 20.5.1.2 is affected.
- Version 20.5.1.1 is affected.
- Version 20.6.1 is affected.
- Version 20.6.1.1 is affected.
- Version 20.6.2.1 is affected.
- Version 20.6.2.2 is affected.
- Version 20.6.2 is affected.
- Version 20.6.3 is affected.
- Version 20.6.3.1 is affected.
- Version 20.6.4 is affected.
- Version 20.6.5 is affected.
- Version 20.6.5.1 is affected.
- Version 20.6.1.2 is affected.
- Version 20.6.3.2 is affected.
- Version 20.6.4.1 is affected.
- Version 20.6.5.2 is affected.
- Version 20.6.5.4 is affected.
- Version 20.6.3.3 is affected.
- Version 20.6.4.2 is affected.
- Version 20.6.3.0.45 is affected.
- Version 20.6.3.0.46 is affected.
- Version 20.6.3.0.47 is affected.
- Version 20.6.3.4 is affected.
- Version 20.6.4.0.21 is affected.
- Version 20.6.5.1.10 is affected.
- Version 20.6.5.1.11 is affected.
- Version 20.6.5.1.7 is affected.
- Version 20.6.5.1.9 is affected.
- Version 20.6.5.2.4 is affected.
- Version 20.6.5.5 is affected.
- Version 20.6.5.2.8 is affected.
- Version 20.6.5.1.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.