CVE-2023-20035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20035
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:ios_xe_sd-wan:-:*:*:*:*:*:*:*
OR cpe:2.3:a:cisco:catalyst_8000v_edge:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8500-4qc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8510csr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8510msr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8540csr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8540msr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*
History

22 May 2023, 18:57

Type Values Removed Values Added
CPE cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1131:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-4g\/6g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4451:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:*		 cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4g\/6g_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*
First Time Cisco 4321 Integrated Services Router
Cisco 4221 Integrated Services Router
Cisco 4351 Integrated Services Router
Cisco 1101-4p Integrated Services Router
Cisco 1100-8p Integrated Services Router
Cisco 4451-x Integrated Services Router
Cisco 1131 Integrated Services Router
Cisco 1109-2p Integrated Services Router
Cisco 1100 Integrated Services Router
Cisco 4451 Integrated Services Router
Cisco 1101 Integrated Services Router
Cisco 1100-4g\/6g Integrated Services Router
Cisco 1109-4p Integrated Services Router
Cisco 1120 Integrated Services Router
Cisco 4331 Integrated Services Router
Cisco 1100-4p Integrated Services Router
Cisco 4461 Integrated Services Router
Cisco 1109 Integrated Services Router
Cisco 1160 Integrated Services Router
Cisco 4431 Integrated Services Router

30 Mar 2023, 19:32

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw - (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ios-xe-sdwan-VQAhEjYw - Vendor Advisory
First Time Cisco
Cisco catalyst 8500-4qc
Cisco isr 1100-4g\/6g
Cisco catalyst 8000v Edge
Cisco catalyst 8500l
Cisco catalyst 8300-1n1s-4t2x
Cisco isr 4461
Cisco catalyst 8300-2n2s-4t2x
Cisco isr 1131
Cisco isr 1160
Cisco asr 1002-hx
Cisco isr 1109-2p
Cisco ios Xe Sd-wan
Cisco isr 4321
Cisco catalyst 8540csr
Cisco csr 1000v
Cisco isr 4451-x
Cisco isr 1101-4p
Cisco catalyst 8510msr
Cisco isr 1120
Cisco isr 4221
Cisco catalyst 8200
Cisco isr 4431
Cisco isr 1109
Cisco catalyst 8300
Cisco isr 4451
Cisco asr 1006-x
Cisco isr 1100-4p
Cisco asr 1009-x
Cisco isr 1100
Cisco catalyst 8300-1n1s-6t
Cisco catalyst 8540msr
Cisco asr 1001-x
Cisco catalyst 8300-2n2s-6t
Cisco isr 4331
Cisco isr 4351
Cisco catalyst 8500
Cisco isr 1101
Cisco catalyst 8510csr
Cisco isr 1100-8p
Cisco isr 1109-4p
CPE cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8500:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1101-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1131:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1160:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8540csr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4221:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ios_xe_sd-wan:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:catalyst_8000v_edge:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4451:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109-2p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:csr_1000v:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4351:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8540msr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-4g\/6g:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4461:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8510csr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1120:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8500-4qc:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4321:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1109-4p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4451-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8200:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100-8p:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4331:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_4431:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1100:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:catalyst_8510msr:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:isr_1101:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

23 Mar 2023, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-03-23 17:15

Updated : 2023-12-10 15:01

NVD link : CVE-2023-20035

Mitre link : CVE-2023-20035

CVE.ORG link : CVE-2023-20035

JSON object : View

Products Affected

cisco

  • 1109-2p_integrated_services_router
  • catalyst_8200
  • catalyst_8540msr
  • 1109_integrated_services_router
  • catalyst_8300-1n1s-6t
  • asr_1002-hx
  • catalyst_8500
  • catalyst_8500-4qc
  • 4321_integrated_services_router
  • 1109-4p_integrated_services_router
  • asr_1009-x
  • 4351_integrated_services_router
  • 4451-x_integrated_services_router
  • 1100-4p_integrated_services_router
  • 1100-4g\/6g_integrated_services_router
  • csr_1000v
  • 1131_integrated_services_router
  • 4331_integrated_services_router
  • catalyst_8300-2n2s-6t
  • 1101_integrated_services_router
  • 1160_integrated_services_router
  • 4461_integrated_services_router
  • 4221_integrated_services_router
  • catalyst_8000v_edge
  • 4451_integrated_services_router
  • asr_1001-x
  • catalyst_8300-1n1s-4t2x
  • 1101-4p_integrated_services_router
  • catalyst_8510msr
  • asr_1006-x
  • 1100_integrated_services_router
  • catalyst_8540csr
  • ios_xe_sd-wan
  • 4431_integrated_services_router
  • catalyst_8300
  • catalyst_8300-2n2s-4t2x
  • 1120_integrated_services_router
  • catalyst_8510csr
  • catalyst_8500l
  • 1100-8p_integrated_services_router
CWE
NVD-CWE-noinfo CWE-146

Improper Neutralization of Expression/Command Delimiters