A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
22 May 2023, 18:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1131:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4g\/6g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:* |
cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:* |
First Time |
Cisco 4321 Integrated Services Router
Cisco 4221 Integrated Services Router Cisco 4351 Integrated Services Router Cisco 1101-4p Integrated Services Router Cisco 1100-8p Integrated Services Router Cisco 4451-x Integrated Services Router Cisco 1131 Integrated Services Router Cisco 1109-2p Integrated Services Router Cisco 1100 Integrated Services Router Cisco 4451 Integrated Services Router Cisco 1101 Integrated Services Router Cisco 1100-4g\/6g Integrated Services Router Cisco 1109-4p Integrated Services Router Cisco 1120 Integrated Services Router Cisco 4331 Integrated Services Router Cisco 1100-4p Integrated Services Router Cisco 4461 Integrated Services Router Cisco 1109 Integrated Services Router Cisco 1160 Integrated Services Router Cisco 4431 Integrated Services Router |
30 Mar 2023, 19:32
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
References | (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw - Vendor Advisory | |
First Time |
Cisco
Cisco catalyst 8500-4qc Cisco isr 1100-4g\/6g Cisco catalyst 8000v Edge Cisco catalyst 8500l Cisco catalyst 8300-1n1s-4t2x Cisco isr 4461 Cisco catalyst 8300-2n2s-4t2x Cisco isr 1131 Cisco isr 1160 Cisco asr 1002-hx Cisco isr 1109-2p Cisco ios Xe Sd-wan Cisco isr 4321 Cisco catalyst 8540csr Cisco csr 1000v Cisco isr 4451-x Cisco isr 1101-4p Cisco catalyst 8510msr Cisco isr 1120 Cisco isr 4221 Cisco catalyst 8200 Cisco isr 4431 Cisco isr 1109 Cisco catalyst 8300 Cisco isr 4451 Cisco asr 1006-x Cisco isr 1100-4p Cisco asr 1009-x Cisco isr 1100 Cisco catalyst 8300-1n1s-6t Cisco catalyst 8540msr Cisco asr 1001-x Cisco catalyst 8300-2n2s-6t Cisco isr 4331 Cisco isr 4351 Cisco catalyst 8500 Cisco isr 1101 Cisco catalyst 8510csr Cisco isr 1100-8p Cisco isr 1109-4p |
|
CPE | cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8500:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1131:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8540csr:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ios_xe_sd-wan:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:catalyst_8000v_edge:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8540msr:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-4g\/6g:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8510csr:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8500-4qc:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8200:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8300:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1100:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:catalyst_8510msr:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo |
23 Mar 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-23 17:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-20035
Mitre link : CVE-2023-20035
CVE.ORG link : CVE-2023-20035
JSON object : View
Products Affected
cisco
- 1109-2p_integrated_services_router
- catalyst_8200
- catalyst_8540msr
- 1109_integrated_services_router
- catalyst_8300-1n1s-6t
- asr_1002-hx
- catalyst_8500
- catalyst_8500-4qc
- 4321_integrated_services_router
- 1109-4p_integrated_services_router
- asr_1009-x
- 4351_integrated_services_router
- 4451-x_integrated_services_router
- 1100-4p_integrated_services_router
- 1100-4g\/6g_integrated_services_router
- csr_1000v
- 1131_integrated_services_router
- 4331_integrated_services_router
- catalyst_8300-2n2s-6t
- 1101_integrated_services_router
- 1160_integrated_services_router
- 4461_integrated_services_router
- 4221_integrated_services_router
- catalyst_8000v_edge
- 4451_integrated_services_router
- asr_1001-x
- catalyst_8300-1n1s-4t2x
- 1101-4p_integrated_services_router
- catalyst_8510msr
- asr_1006-x
- 1100_integrated_services_router
- catalyst_8540csr
- ios_xe_sd-wan
- 4431_integrated_services_router
- catalyst_8300
- catalyst_8300-2n2s-4t2x
- 1120_integrated_services_router
- catalyst_8510csr
- catalyst_8500l
- 1100-8p_integrated_services_router
CWE