CVE-2023-20231

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 27, 2023

Updated: Jan 25, 2024

CWE ID 78

CWE ID 20

Summary

CVE-2023-20231 is a vulnerability affecting the web UI of Cisco IOS XE Software. An authenticated, remote attacker can exploit this issue through input validation insufficiencies, potentially injecting malicious commands. Successful exploitation grants attackers the ability to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note that this vulnerability can only be exploited if the attacker possesses Lobby Ambassador account credentials, which are not configured by default.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco IOS-XE

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sz-gV-
https://www.cve.org/CVERecord?id=CVE-2023-20231
https://nvd.nist.gov/vuln/detail/CVE-2023-20231

Back to Vulnerability Database