CVE-2023-20066 - Vulnerability Details

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to files that are outside the filesystem mountpoint of the web UI. Note: These files are located on a restricted filesystem that is maintained for the web UI. There is no ability to write to any files on this filesystem.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00467.

Exploitation none

Automatable no

Technical Impact partial

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco IOS XE Software

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios_xe:16.12.3:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.2:::::::*

OR	cpe:2.3:h:cisco:1000_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1100_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1101_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1109_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:111x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1120_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1131_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:1160_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4000_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4221_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4321_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4331_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4351_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4431_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4451-x_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4451_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:4461_integrated_services_router:-:::::::*
	cpe:2.3:h:cisco:8101-32fh:-:::::::*
	cpe:2.3:h:cisco:8101-32h:-:::::::*
	cpe:2.3:h:cisco:8102-64h:-:::::::*
	cpe:2.3:h:cisco:8201:-:::::::*
	cpe:2.3:h:cisco:8201-32fh:-:::::::*
	cpe:2.3:h:cisco:8202:-:::::::*
	cpe:2.3:h:cisco:8800_12-slot:-:::::::*
	cpe:2.3:h:cisco:8800_18-slot:-:::::::*
	cpe:2.3:h:cisco:8800_4-slot:-:::::::*
	cpe:2.3:h:cisco:8800_8-slot:-:::::::*
	cpe:2.3:h:cisco:8804:-:::::::*
	cpe:2.3:h:cisco:8808:-:::::::*
	cpe:2.3:h:cisco:8812:-:::::::*
	cpe:2.3:h:cisco:8818:-:::::::*
	cpe:2.3:h:cisco:8831:-:::::::*
	cpe:2.3:h:cisco:9800-40:-:::::::*
	cpe:2.3:h:cisco:9800-80:-:::::::*
	cpe:2.3:h:cisco:9800-cl:-:::::::*
	cpe:2.3:h:cisco:9800-l:-:::::::*
	cpe:2.3:h:cisco:asr_1000:-:::::::*
	cpe:2.3:h:cisco:asr_1000-esp100:-:::::::*
	cpe:2.3:h:cisco:asr_1000-esp100-x:-:::::::*
	cpe:2.3:h:cisco:asr_1000-esp200-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001:-:::::::*
	cpe:2.3:h:cisco:asr_1001-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1001-hx_r:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x:-:::::::*
	cpe:2.3:h:cisco:asr_1001-x_r:-:::::::*
	cpe:2.3:h:cisco:asr_1002:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx:-:::::::*
	cpe:2.3:h:cisco:asr_1002-hx_r:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x:-:::::::*
	cpe:2.3:h:cisco:asr_1002-x_r:-:::::::*
	cpe:2.3:h:cisco:asr_1004:-:::::::*
	cpe:2.3:h:cisco:asr_1006:-:::::::*
	cpe:2.3:h:cisco:asr_1006-x:-:::::::*
	cpe:2.3:h:cisco:asr_1009-x:-:::::::*
	cpe:2.3:h:cisco:asr_1013:-:::::::*
cpe:2.3:h:cisco:asr_1023:-:::::::*
cpe:2.3:h:cisco:asr_900:-:::::::*
cpe:2.3:h:cisco:asr_9000:-:::::::*
cpe:2.3:h:cisco:asr_9000v:-:::::::*
cpe:2.3:h:cisco:asr_9000v:v2:::::::*
cpe:2.3:h:cisco:asr_9001:-:::::::*
cpe:2.3:h:cisco:asr_9006:-:::::::*
cpe:2.3:h:cisco:asr_901-12c-f-d:-:::::::*
cpe:2.3:h:cisco:asr_901-12c-ft-d:-:::::::*
cpe:2.3:h:cisco:asr_901-4c-f-d:-:::::::*
cpe:2.3:h:cisco:asr_901-4c-ft-d:-:::::::*
cpe:2.3:h:cisco:asr_901-6cz-f-a:-:::::::*
cpe:2.3:h:cisco:asr_901-6cz-f-d:-:::::::*
cpe:2.3:h:cisco:asr_901-6cz-fs-a:-:::::::*
cpe:2.3:h:cisco:asr_901-6cz-fs-d:-:::::::*
cpe:2.3:h:cisco:asr_901-6cz-ft-a:-:::::::*
cpe:2.3:h:cisco:asr_901-6cz-ft-d:-:::::::*
cpe:2.3:h:cisco:asr_9010:-:::::::*
cpe:2.3:h:cisco:asr_901s-2sg-f-ah:-:::::::*
cpe:2.3:h:cisco:asr_901s-2sg-f-d:-:::::::*
cpe:2.3:h:cisco:asr_901s-3sg-f-ah:-:::::::*
cpe:2.3:h:cisco:asr_901s-3sg-f-d:-:::::::*
cpe:2.3:h:cisco:asr_901s-4sg-f-d:-:::::::*
cpe:2.3:h:cisco:asr_902:-:::::::*
cpe:2.3:h:cisco:asr_902u:-:::::::*
cpe:2.3:h:cisco:asr_903:-:::::::*
cpe:2.3:h:cisco:asr_907:-:::::::*
cpe:2.3:h:cisco:asr_914:-:::::::*
cpe:2.3:h:cisco:asr_920-10sz-pd:-:::::::*
cpe:2.3:h:cisco:asr_920-10sz-pd_r:-:::::::*
cpe:2.3:h:cisco:asr_920-12cz-a:-:::::::*
cpe:2.3:h:cisco:asr_920-12cz-a_r:-:::::::*
cpe:2.3:h:cisco:asr_920-12cz-d:-:::::::*
cpe:2.3:h:cisco:asr_920-12cz-d_r:-:::::::*
cpe:2.3:h:cisco:asr_920-12sz-im:-:::::::*
cpe:2.3:h:cisco:asr_920-12sz-im_r:-:::::::*
cpe:2.3:h:cisco:asr_920-24sz-im:-:::::::*
cpe:2.3:h:cisco:asr_920-24sz-im_r:-:::::::*
cpe:2.3:h:cisco:asr_920-24sz-m:-:::::::*
cpe:2.3:h:cisco:asr_920-24sz-m_r:-:::::::*
cpe:2.3:h:cisco:asr_920-24tz-m:-:::::::*
cpe:2.3:h:cisco:asr_920-24tz-m_r:-:::::::*
cpe:2.3:h:cisco:asr_920-4sz-a:-:::::::*
cpe:2.3:h:cisco:asr_920-4sz-a_r:-:::::::*
cpe:2.3:h:cisco:asr_920-4sz-d:-:::::::*
cpe:2.3:h:cisco:asr_920-4sz-d_r:-:::::::*
cpe:2.3:h:cisco:asr_920u-12sz-im:-:::::::*
cpe:2.3:h:cisco:asr_9901:-:::::::*
cpe:2.3:h:cisco:asr_9902:-:::::::*
cpe:2.3:h:cisco:asr_9903:-:::::::*
cpe:2.3:h:cisco:asr_9904:-:::::::*
cpe:2.3:h:cisco:asr_9906:-:::::::*
cpe:2.3:h:cisco:asr_9910:-:::::::*
cpe:2.3:h:cisco:asr_9912:-:::::::*
cpe:2.3:h:cisco:asr_9920:-:::::::*
cpe:2.3:h:cisco:asr_9922:-:::::::*
cpe:2.3:h:cisco:catalyst_3850:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-12s-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-12s-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-12x48u:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-12xs-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-12xs-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-16xs-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-16xs-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24p-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24p-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24p-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24pw-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24s-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24s-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24t-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24t-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24t-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24u:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24u-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24u-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24u-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24xs:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24xs-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24xs-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24xu:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24xu-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24xu-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-24xu-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-32xs-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-32xs-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48f-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48f-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48f-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48p-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48p-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48p-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48pw-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48t-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48t-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48t-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48u:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48u-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48u-l:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48u-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48xs:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48xs-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48xs-f-e:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48xs-f-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-48xs-s:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-nm-2-40g:-:::::::*
cpe:2.3:h:cisco:catalyst_3850-nm-8-10g:-:::::::*
cpe:2.3:h:cisco:catalyst_8200:-:::::::*
cpe:2.3:h:cisco:catalyst_8300:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:::::::*
cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:::::::*
cpe:2.3:h:cisco:catalyst_8500:-:::::::*
cpe:2.3:h:cisco:catalyst_8500-4qc:-:::::::*
cpe:2.3:h:cisco:catalyst_8500l:-:::::::*
cpe:2.3:h:cisco:catalyst_8510csr:-:::::::*
cpe:2.3:h:cisco:catalyst_8510msr:-:::::::*
cpe:2.3:h:cisco:catalyst_8540csr:-:::::::*
cpe:2.3:h:cisco:catalyst_8540msr:-:::::::*
cpe:2.3:h:cisco:catalyst_9200:-:::::::*
cpe:2.3:h:cisco:catalyst_9200cx:-:::::::*
cpe:2.3:h:cisco:catalyst_9200l:-:::::::*
cpe:2.3:h:cisco:catalyst_9300:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24p-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24p-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24s-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24s-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24t-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24t-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24u-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24u-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48p-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48p-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48s-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48s-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48t-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48t-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48u-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48u-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48un-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48un-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:::::::*
cpe:2.3:h:cisco:catalyst_9300l_stack:-:::::::*
cpe:2.3:h:cisco:catalyst_9300lm:-:::::::*
cpe:2.3:h:cisco:catalyst_9300x:-:::::::*
cpe:2.3:h:cisco:catalyst_9400:-:::::::*
cpe:2.3:h:cisco:catalyst_9400_supervisor_engine-1:-:::::::*
cpe:2.3:h:cisco:catalyst_9407r:-:::::::*
cpe:2.3:h:cisco:catalyst_9410r:-:::::::*
cpe:2.3:h:cisco:catalyst_9500:-:::::::*
cpe:2.3:h:cisco:catalyst_9500h:-:::::::*
cpe:2.3:h:cisco:catalyst_9600:-:::::::*
cpe:2.3:h:cisco:catalyst_9600_supervisor_engine-1:-:::::::*
cpe:2.3:h:cisco:catalyst_9600x:-:::::::*
cpe:2.3:h:cisco:catalyst_9800:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-40_wireless_controller:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-80_wireless_controller:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*
cpe:2.3:h:cisco:catalyst_9800_embedded_wireless_controller:-:::::::*
cpe:2.3:h:cisco:catalyst_ie3200:-:::::::*
cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:::::::*
cpe:2.3:h:cisco:catalyst_ie3300:-:::::::*
cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:::::::*
cpe:2.3:h:cisco:catalyst_ie3400:-:::::::*
cpe:2.3:h:cisco:catalyst_ie3400_heavy_duty_switch:-:::::::*
cpe:2.3:h:cisco:catalyst_ie3400_rugged_switch:-:::::::*
cpe:2.3:h:cisco:catalyst_ie9300:-:::::::*
cpe:2.3:h:cisco:cbr-8:-:::::::*
cpe:2.3:h:cisco:cg418-e:-:::::::*
cpe:2.3:h:cisco:cg522-e:-:::::::*
cpe:2.3:h:cisco:esr6300:-:::::::*
cpe:2.3:h:cisco:ess-3300-24t-con-a:-:::::::*
cpe:2.3:h:cisco:ess-3300-24t-con-e:-:::::::*
cpe:2.3:h:cisco:ess-3300-24t-ncp-a:-:::::::*
cpe:2.3:h:cisco:ess-3300-24t-ncp-e:-:::::::*
cpe:2.3:h:cisco:ess-3300-con-a:-:::::::*
cpe:2.3:h:cisco:ess-3300-con-e:-:::::::*
cpe:2.3:h:cisco:ess-3300-ncp-a:-:::::::*
cpe:2.3:h:cisco:ess-3300-ncp-e:-:::::::*
cpe:2.3:h:cisco:ess9300-10x-e:-:::::::*
cpe:2.3:h:cisco:integrated_services_virtual_router:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Cisco Subscribe	1000 Integrated Services Router Subscribe 1100-4g Integrated Services Router Subscribe 1100-4p Integrated Services Router Subscribe 1100-6g Integrated Services Router Subscribe 1100-8p Integrated Services Router Subscribe 1100 Integrated Services Router Subscribe 1101-4p Integrated Services Router Subscribe 1101 Integrated Services Router Subscribe 1109-2p Integrated Services Router Subscribe 1109-4p Integrated Services Router Subscribe 1109 Integrated Services Router Subscribe 1111x-8p Integrated Services Router Subscribe 1111x Integrated Services Router Subscribe 111x Integrated Services Router Subscribe 1120 Integrated Services Router Subscribe 1131 Integrated Services Router Subscribe 1160 Integrated Services Router Subscribe 4000 Integrated Services Router Subscribe 4221 Integrated Services Router Subscribe 4321 Integrated Services Router Subscribe 4331 Integrated Services Router Subscribe 4351 Integrated Services Router Subscribe 4431 Integrated Services Router Subscribe 4451-x Integrated Services Router Subscribe 4451 Integrated Services Router Subscribe 4461 Integrated Services Router Subscribe 8101-32fh Subscribe 8101-32h Subscribe 8102-64h Subscribe 8201 Subscribe 8201-32fh Subscribe 8202 Subscribe 8800 12-slot Subscribe 8800 18-slot Subscribe 8800 4-slot Subscribe 8800 8-slot Subscribe 8804 Subscribe 8808 Subscribe 8812 Subscribe 8818 Subscribe 8831 Subscribe 9800-40 Subscribe 9800-80 Subscribe 9800-cl Subscribe 9800-l Subscribe Asr 1000 Subscribe Asr 1000-esp100 Subscribe Asr 1000-esp100-x Subscribe Asr 1000-esp200-x Subscribe Asr 1001 Subscribe Asr 1001-hx Subscribe Asr 1001-hx R Subscribe Asr 1001-x Subscribe Asr 1001-x R Subscribe Asr 1002 Subscribe Asr 1002-hx Subscribe Asr 1002-hx R Subscribe Asr 1002-x Subscribe Asr 1002-x R Subscribe Asr 1004 Subscribe Asr 1006 Subscribe Asr 1006-x Subscribe Asr 1009-x Subscribe Asr 1013 Subscribe Asr 1023 Subscribe Asr 900 Subscribe Asr 9000 Subscribe Asr 9000v Subscribe Asr 9001 Subscribe Asr 9006 Subscribe Asr 901-12c-f-d Subscribe Asr 901-12c-ft-d Subscribe Asr 901-4c-f-d Subscribe Asr 901-4c-ft-d Subscribe Asr 901-6cz-f-a Subscribe Asr 901-6cz-f-d Subscribe Asr 901-6cz-fs-a Subscribe Asr 901-6cz-fs-d Subscribe Asr 901-6cz-ft-a Subscribe Asr 901-6cz-ft-d Subscribe Asr 9010 Subscribe Asr 901s-2sg-f-ah Subscribe Asr 901s-2sg-f-d Subscribe Asr 901s-3sg-f-ah Subscribe Asr 901s-3sg-f-d Subscribe Asr 901s-4sg-f-d Subscribe Asr 902 Subscribe Asr 902u Subscribe Asr 903 Subscribe Asr 907 Subscribe Asr 914 Subscribe Asr 920-10sz-pd Subscribe Asr 920-10sz-pd R Subscribe Asr 920-12cz-a Subscribe Asr 920-12cz-a R Subscribe Asr 920-12cz-d Subscribe Asr 920-12cz-d R Subscribe Asr 920-12sz-im Subscribe Asr 920-12sz-im R Subscribe Asr 920-24sz-im Subscribe Asr 920-24sz-im R Subscribe Asr 920-24sz-m Subscribe Asr 920-24sz-m R Subscribe Asr 920-24tz-m Subscribe Asr 920-24tz-m R Subscribe Asr 920-4sz-a Subscribe Asr 920-4sz-a R Subscribe Asr 920-4sz-d Subscribe Asr 920-4sz-d R Subscribe Asr 920u-12sz-im Subscribe Asr 9901 Subscribe Asr 9902 Subscribe Asr 9903 Subscribe Asr 9904 Subscribe Asr 9906 Subscribe Asr 9910 Subscribe Asr 9912 Subscribe Asr 9920 Subscribe Asr 9922 Subscribe Catalyst 3850 Subscribe Catalyst 3850-12s-e Subscribe Catalyst 3850-12s-s Subscribe Catalyst 3850-12x48u Subscribe Catalyst 3850-12xs-e Subscribe Catalyst 3850-12xs-s Subscribe Catalyst 3850-16xs-e Subscribe Catalyst 3850-16xs-s Subscribe Catalyst 3850-24p-e Subscribe Catalyst 3850-24p-l Subscribe Catalyst 3850-24p-s Subscribe Catalyst 3850-24pw-s Subscribe Catalyst 3850-24s-e Subscribe Catalyst 3850-24s-s Subscribe Catalyst 3850-24t-e Subscribe Catalyst 3850-24t-l Subscribe Catalyst 3850-24t-s Subscribe Catalyst 3850-24u Subscribe Catalyst 3850-24u-e Subscribe Catalyst 3850-24u-l Subscribe Catalyst 3850-24u-s Subscribe Catalyst 3850-24xs Subscribe Catalyst 3850-24xs-e Subscribe Catalyst 3850-24xs-s Subscribe Catalyst 3850-24xu Subscribe Catalyst 3850-24xu-e Subscribe Catalyst 3850-24xu-l Subscribe Catalyst 3850-24xu-s Subscribe Catalyst 3850-32xs-e Subscribe Catalyst 3850-32xs-s Subscribe Catalyst 3850-48f-e Subscribe Catalyst 3850-48f-l Subscribe Catalyst 3850-48f-s Subscribe Catalyst 3850-48p-e Subscribe Catalyst 3850-48p-l Subscribe Catalyst 3850-48p-s Subscribe Catalyst 3850-48pw-s Subscribe Catalyst 3850-48t-e Subscribe Catalyst 3850-48t-l Subscribe Catalyst 3850-48t-s Subscribe Catalyst 3850-48u Subscribe Catalyst 3850-48u-e Subscribe Catalyst 3850-48u-l Subscribe Catalyst 3850-48u-s Subscribe Catalyst 3850-48xs Subscribe Catalyst 3850-48xs-e Subscribe Catalyst 3850-48xs-f-e Subscribe Catalyst 3850-48xs-f-s Subscribe Catalyst 3850-48xs-s Subscribe Catalyst 3850-nm-2-40g Subscribe Catalyst 3850-nm-8-10g Subscribe Catalyst 8200 Subscribe Catalyst 8300 Subscribe Catalyst 8300-1n1s-4t2x Subscribe Catalyst 8300-1n1s-6t Subscribe Catalyst 8300-2n2s-4t2x Subscribe Catalyst 8300-2n2s-6t Subscribe Catalyst 8500 Subscribe Catalyst 8500-4qc Subscribe Catalyst 8500l Subscribe Catalyst 8510csr Subscribe Catalyst 8510msr Subscribe Catalyst 8540csr Subscribe Catalyst 8540msr Subscribe Catalyst 9200 Subscribe Catalyst 9200cx Subscribe Catalyst 9200l Subscribe Catalyst 9300 Subscribe Catalyst 9300-24p-a Subscribe Catalyst 9300-24p-e Subscribe Catalyst 9300-24s-a Subscribe Catalyst 9300-24s-e Subscribe Catalyst 9300-24t-a Subscribe Catalyst 9300-24t-e Subscribe Catalyst 9300-24u-a Subscribe Catalyst 9300-24u-e Subscribe Catalyst 9300-24ux-a Subscribe Catalyst 9300-24ux-e Subscribe Catalyst 9300-48p-a Subscribe Catalyst 9300-48p-e Subscribe Catalyst 9300-48s-a Subscribe Catalyst 9300-48s-e Subscribe Catalyst 9300-48t-a Subscribe Catalyst 9300-48t-e Subscribe Catalyst 9300-48u-a Subscribe Catalyst 9300-48u-e Subscribe Catalyst 9300-48un-a Subscribe Catalyst 9300-48un-e Subscribe Catalyst 9300-48uxm-a Subscribe Catalyst 9300-48uxm-e Subscribe Catalyst 9300l Subscribe Catalyst 9300l-24p-4g-a Subscribe Catalyst 9300l-24p-4g-e Subscribe Catalyst 9300l-24p-4x-a Subscribe Catalyst 9300l-24p-4x-e Subscribe Catalyst 9300l-24t-4g-a Subscribe Catalyst 9300l-24t-4g-e Subscribe Catalyst 9300l-24t-4x-a Subscribe Catalyst 9300l-24t-4x-e Subscribe Catalyst 9300l-48p-4g-a Subscribe Catalyst 9300l-48p-4g-e Subscribe Catalyst 9300l-48p-4x-a Subscribe Catalyst 9300l-48p-4x-e Subscribe Catalyst 9300l-48t-4g-a Subscribe Catalyst 9300l-48t-4g-e Subscribe Catalyst 9300l-48t-4x-a Subscribe Catalyst 9300l-48t-4x-e Subscribe Catalyst 9300l Stack Subscribe Catalyst 9300lm Subscribe Catalyst 9300x Subscribe Catalyst 9400 Subscribe Catalyst 9400 Supervisor Engine-1 Subscribe Catalyst 9407r Subscribe Catalyst 9410r Subscribe Catalyst 9500 Subscribe Catalyst 9500h Subscribe Catalyst 9600 Subscribe Catalyst 9600 Supervisor Engine-1 Subscribe Catalyst 9600x Subscribe Catalyst 9800 Subscribe Catalyst 9800-40 Subscribe Catalyst 9800-40 Wireless Controller Subscribe Catalyst 9800-80 Subscribe Catalyst 9800-80 Wireless Controller Subscribe Catalyst 9800-cl Subscribe Catalyst 9800-l Subscribe Catalyst 9800-l-c Subscribe Catalyst 9800-l-f Subscribe Catalyst 9800 Embedded Wireless Controller Subscribe Catalyst Ie3200 Subscribe Catalyst Ie3200 Rugged Switch Subscribe Catalyst Ie3300 Subscribe Catalyst Ie3300 Rugged Switch Subscribe Catalyst Ie3400 Subscribe Catalyst Ie3400 Heavy Duty Switch Subscribe Catalyst Ie3400 Rugged Switch Subscribe Catalyst Ie9300 Subscribe Cbr-8 Subscribe Cg418-e Subscribe Cg522-e Subscribe Esr6300 Subscribe Ess-3300-24t-con-a Subscribe Ess-3300-24t-con-e Subscribe Ess-3300-24t-ncp-a Subscribe Ess-3300-24t-ncp-e Subscribe Ess-3300-con-a Subscribe Ess-3300-con-e Subscribe Ess-3300-ncp-a Subscribe Ess-3300-ncp-e Subscribe Ess9300-10x-e Subscribe Integrated Services Virtual Router Subscribe Ios Xe Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-24245	A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to files that are outside the filesystem mountpoint of the web UI. Note: These files are located on a restricted filesystem that is maintained for the web UI. There is no ability to write to any files on this filesystem.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-pthtrv-es7GSb9V

History

Fri, 25 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-03-23T00:00:00

Updated: 2024-10-25T16:02:41.984Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20066

Vulnrichment

Updated: 2024-08-02T08:57:35.555Z

NVD

Status : Modified

Published: 2023-03-23T17:15:14.547

Modified: 2024-11-21T07:40:28.413

Link: CVE-2023-20066

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object