A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.
This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.
References
| Link | Resource |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Jan 2024, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-862 |
16 Oct 2023, 16:35
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:cisco:sd-wan_vmanage:20.11.1.2:*:*:*:*:*:*:* |
cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:*:*:*:*:*:*:* |
| First Time |
Cisco catalyst Sd-wan Manager
|
04 Oct 2023, 01:44
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:cisco:sd-wan_vmanage:20.9.3.2:*:*:*:*:*:*:* cpe:2.3:a:cisco:sd-wan_vmanage:20.11.1.2:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| References | (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z - Vendor Advisory | |
| First Time |
Cisco sd-wan Vmanage
Cisco |
|
| CWE | CWE-287 |
27 Sep 2023, 18:31
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-27 18:15
Updated : 2024-01-25 17:15
NVD link : CVE-2023-20252
Mitre link : CVE-2023-20252
CVE.ORG link : CVE-2023-20252
JSON object : View
Products Affected
cisco
- catalyst_sd-wan_manager