CVE-2023-20273

HIGHCISA KEV

7.2

Beschreibung

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

CVE Details

CVSS v3.1 Bewertung7.2

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht10/25/2023

Zuletzt geandert10/28/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerCisco

ProduktCisco IOS XE Web UI

SchwachstellennameCisco IOS XE Web UI Command Injection Vulnerability

KEV Aufnahmedatum2023-10-23

Behebungsfrist2023-10-27

Ransomware-NutzungUnknown

Betroffene Produkte

cisco:catalyst_3650cisco:catalyst_3650-12x48fd-ecisco:catalyst_3650-12x48fd-lcisco:catalyst_3650-12x48fd-scisco:catalyst_3650-12x48uqcisco:catalyst_3650-12x48uq-ecisco:catalyst_3650-12x48uq-lcisco:catalyst_3650-12x48uq-scisco:catalyst_3650-12x48urcisco:catalyst_3650-12x48ur-ecisco:catalyst_3650-12x48ur-lcisco:catalyst_3650-12x48ur-scisco:catalyst_3650-12x48uzcisco:catalyst_3650-12x48uz-ecisco:catalyst_3650-12x48uz-lcisco:catalyst_3650-12x48uz-scisco:catalyst_3650-24pdcisco:catalyst_3650-24pd-ecisco:catalyst_3650-24pd-lcisco:catalyst_3650-24pd-scisco:catalyst_3650-24pdmcisco:catalyst_3650-24pdm-ecisco:catalyst_3650-24pdm-lcisco:catalyst_3650-24pdm-scisco:catalyst_3650-24ps-ecisco:catalyst_3650-24ps-lcisco:catalyst_3650-24ps-scisco:catalyst_3650-24td-ecisco:catalyst_3650-24td-lcisco:catalyst_3650-24td-scisco:catalyst_3650-24ts-ecisco:catalyst_3650-24ts-lcisco:catalyst_3650-24ts-scisco:catalyst_3650-48fd-ecisco:catalyst_3650-48fd-lcisco:catalyst_3650-48fd-scisco:catalyst_3650-48fqcisco:catalyst_3650-48fq-ecisco:catalyst_3650-48fq-lcisco:catalyst_3650-48fq-scisco:catalyst_3650-48fqmcisco:catalyst_3650-48fqm-ecisco:catalyst_3650-48fqm-lcisco:catalyst_3650-48fqm-scisco:catalyst_3650-48fs-ecisco:catalyst_3650-48fs-lcisco:catalyst_3650-48fs-scisco:catalyst_3650-48pd-ecisco:catalyst_3650-48pd-lcisco:catalyst_3650-48pd-scisco:catalyst_3650-48pq-ecisco:catalyst_3650-48pq-lcisco:catalyst_3650-48pq-scisco:catalyst_3650-48ps-ecisco:catalyst_3650-48ps-lcisco:catalyst_3650-48ps-scisco:catalyst_3650-48td-ecisco:catalyst_3650-48td-lcisco:catalyst_3650-48td-scisco:catalyst_3650-48tq-ecisco:catalyst_3650-48tq-lcisco:catalyst_3650-48tq-scisco:catalyst_3650-48ts-ecisco:catalyst_3650-48ts-lcisco:catalyst_3650-48ts-scisco:catalyst_3650-8x24pd-ecisco:catalyst_3650-8x24pd-lcisco:catalyst_3650-8x24pd-scisco:catalyst_3650-8x24uqcisco:catalyst_3650-8x24uq-ecisco:catalyst_3650-8x24uq-lcisco:catalyst_3650-8x24uq-scisco:catalyst_3850cisco:catalyst_3850-12s-ecisco:catalyst_3850-12s-scisco:catalyst_3850-12x48ucisco:catalyst_3850-12xs-ecisco:catalyst_3850-12xs-scisco:catalyst_3850-16xs-ecisco:catalyst_3850-16xs-scisco:catalyst_3850-24p-ecisco:catalyst_3850-24p-lcisco:catalyst_3850-24p-scisco:catalyst_3850-24pw-scisco:catalyst_3850-24s-ecisco:catalyst_3850-24s-scisco:catalyst_3850-24t-ecisco:catalyst_3850-24t-lcisco:catalyst_3850-24t-scisco:catalyst_3850-24ucisco:catalyst_3850-24u-ecisco:catalyst_3850-24u-lcisco:catalyst_3850-24u-scisco:catalyst_3850-24xscisco:catalyst_3850-24xs-ecisco:catalyst_3850-24xs-scisco:catalyst_3850-24xucisco:catalyst_3850-24xu-ecisco:catalyst_3850-24xu-lcisco:catalyst_3850-24xu-scisco:catalyst_3850-32xs-ecisco:catalyst_3850-32xs-scisco:catalyst_3850-48f-ecisco:catalyst_3850-48f-lcisco:catalyst_3850-48f-scisco:catalyst_3850-48p-ecisco:catalyst_3850-48p-lcisco:catalyst_3850-48p-scisco:catalyst_3850-48pw-scisco:catalyst_3850-48t-ecisco:catalyst_3850-48t-lcisco:catalyst_3850-48t-scisco:catalyst_3850-48ucisco:catalyst_3850-48u-ecisco:catalyst_3850-48u-lcisco:catalyst_3850-48u-scisco:catalyst_3850-48xscisco:catalyst_3850-48xs-ecisco:catalyst_3850-48xs-f-ecisco:catalyst_3850-48xs-f-scisco:catalyst_3850-48xs-scisco:catalyst_3850-nm-2-40gcisco:catalyst_3850-nm-8-10gcisco:ios_xe

Schwachen (CWE)

CWE-78CWE-78

Referenzen

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z(psirt@cisco.com)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20273(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.