CVE-2023-20261

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Oct 18, 2023

Updated: Jan 25, 2024

CWE ID 284

Summary

CVE-2023-20261 is a vulnerability affecting the web UI of Cisco Catalyst SD-WAN Manager. It allows authenticated, remote attackers to retrieve arbitrary files from an affected system due to improper validation of parameters sent to the web UI. An attacker can exploit this vulnerability by logging into Cisco Catalyst SD-WAN Manager and issuing specially crafted web UI requests. Successful exploitation could result in the attacker gaining unauthorized access to files on the underlying Linux file system of the affected system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Catalyst SD-WAN Manager

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tDo-Vj
https://www.cve.org/CVERecord?id=CVE-2023-20261
https://nvd.nist.gov/vuln/detail/CVE-2023-20261

Back to Vulnerability Database