CVE-2023-20231 - Vulnerability Details

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.

This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.

Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00636.

Exploitation none

Automatable no

Technical Impact total

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco IOS XE Software

affected

Version	Status	Constraints
`16.12.8`	affected	—
`16.12.4`	affected	—
`16.12.4a`	affected	—
`16.12.5`	affected	—
`16.12.6`	affected	—
`16.12.5a`	affected	—
`16.12.5b`	affected	—
`16.12.6a`	affected	—
`16.12.7`	affected	—
`16.12.9`	affected	—
`17.2.2`	affected	—
`17.2.3`	affected	—
`17.3.1`	affected	—
`17.3.2`	affected	—
`17.3.3`	affected	—
`17.3.1a`	affected	—
`17.3.1w`	affected	—
`17.3.2a`	affected	—
`17.3.1x`	affected	—
`17.3.1z`	affected	—
`17.3.4`	affected	—
`17.3.5`	affected	—
`17.3.4a`	affected	—
`17.3.6`	affected	—
`17.3.4b`	affected	—
`17.3.4c`	affected	—
`17.3.5a`	affected	—
`17.3.5b`	affected	—
`17.4.1`	affected	—
`17.4.2`	affected	—
`17.4.1a`	affected	—
`17.4.1b`	affected	—
`17.4.2a`	affected	—
`17.5.1`	affected	—
`17.5.1a`	affected	—
`17.5.1b`	affected	—
`17.5.1c`	affected	—
`17.6.1`	affected	—
`17.6.2`	affected	—
`17.6.1w`	affected	—
`17.6.1a`	affected	—
`17.6.1x`	affected	—
`17.6.3`	affected	—
`17.6.1y`	affected	—
`17.6.1z`	affected	—
`17.6.3a`	affected	—
`17.6.4`	affected	—
`17.6.1z1`	affected	—
`17.6.5`	affected	—
`17.6.5a`	affected	—
`17.7.1`	affected	—
`17.7.1a`	affected	—
`17.7.1b`	affected	—
`17.7.2`	affected	—
`17.10.1`	affected	—
`17.10.1a`	affected	—
`17.10.1b`	affected	—
`17.8.1`	affected	—
`17.8.1a`	affected	—
`17.9.1`	affected	—
`17.9.1w`	affected	—
`17.9.2`	affected	—
`17.9.1a`	affected	—
`17.9.1x`	affected	—
`17.9.1y`	affected	—
`17.9.2a`	affected	—
`17.9.1x1`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ios_xe:16.12.4:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.4a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.5:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.5a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.5b:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.6:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.6a:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.7:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.8:::::::*
	cpe:2.3:o:cisco:ios_xe:16.12.9:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.2.3:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.1w:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.1x:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.1z:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.3:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.4:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.4a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.4b:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.4c:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.5:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.5a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.5b:::::::*
	cpe:2.3:o:cisco:ios_xe:17.3.6:::::::*
	cpe:2.3:o:cisco:ios_xe:17.4.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.4.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.4.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:17.4.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.4.2a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.5.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.5.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.5.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:17.5.1c:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.1.z:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.1w:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.1x:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.1y:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.1z1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.3:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.3a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.4:::::::*
	cpe:2.3:o:cisco:ios_xe:17.6.5:::::::*
	cpe:2.3:o:cisco:ios_xe:17.7.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.7.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.7.1b:::::::*
	cpe:2.3:o:cisco:ios_xe:17.7.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.8.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.8.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1w:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1x:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1x1:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.1y:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.2:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.2a:::::::*
	cpe:2.3:o:cisco:ios_xe:17.9.2b:::::::*
	cpe:2.3:o:cisco:ios_xe:17.10.1:::::::*
cpe:2.3:o:cisco:ios_xe:17.10.1a:::::::*
cpe:2.3:o:cisco:ios_xe:17.10.1b:::::::*
cpe:2.3:o:cisco:ios_xe:17.91w:::::::*

OR	cpe:2.3:h:cisco:catalyst_9105ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105axw:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axp:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124axd:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24p-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24p-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24s-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24s-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24t-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24t-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24u-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24u-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48p-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48p-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48s-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48s-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48t-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48t-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48u-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48u-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48un-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48un-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300l_stack:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300lm:-:::::::*
	cpe:2.3:h:cisco:catalyst_9300x:-:::::::*
	cpe:2.3:h:cisco:catalyst_9400:-:::::::*
	cpe:2.3:h:cisco:catalyst_9407r:-:::::::*
	cpe:2.3:h:cisco:catalyst_9410r:-:::::::*
cpe:2.3:h:cisco:catalyst_9500:-:::::::*
cpe:2.3:h:cisco:catalyst_9500h:-:::::::*
cpe:2.3:h:cisco:catalyst_9800:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-40:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-80:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-cl:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-l:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-l-c:-:::::::*
cpe:2.3:h:cisco:catalyst_9800-l-f:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Cisco Subscribe	Catalyst 9105ax Subscribe Catalyst 9105axi Subscribe Catalyst 9105axw Subscribe Catalyst 9115ax Subscribe Catalyst 9115axe Subscribe Catalyst 9115axi Subscribe Catalyst 9117ax Subscribe Catalyst 9117axi Subscribe Catalyst 9120ax Subscribe Catalyst 9120axe Subscribe Catalyst 9120axi Subscribe Catalyst 9120axp Subscribe Catalyst 9124ax Subscribe Catalyst 9124axd Subscribe Catalyst 9124axi Subscribe Catalyst 9130ax Subscribe Catalyst 9130axe Subscribe Catalyst 9130axi Subscribe Catalyst 9300 Subscribe Catalyst 9300-24p-a Subscribe Catalyst 9300-24p-e Subscribe Catalyst 9300-24s-a Subscribe Catalyst 9300-24s-e Subscribe Catalyst 9300-24t-a Subscribe Catalyst 9300-24t-e Subscribe Catalyst 9300-24u-a Subscribe Catalyst 9300-24u-e Subscribe Catalyst 9300-24ux-a Subscribe Catalyst 9300-24ux-e Subscribe Catalyst 9300-48p-a Subscribe Catalyst 9300-48p-e Subscribe Catalyst 9300-48s-a Subscribe Catalyst 9300-48s-e Subscribe Catalyst 9300-48t-a Subscribe Catalyst 9300-48t-e Subscribe Catalyst 9300-48u-a Subscribe Catalyst 9300-48u-e Subscribe Catalyst 9300-48un-a Subscribe Catalyst 9300-48un-e Subscribe Catalyst 9300-48uxm-a Subscribe Catalyst 9300-48uxm-e Subscribe Catalyst 9300l Subscribe Catalyst 9300l-24p-4g-a Subscribe Catalyst 9300l-24p-4g-e Subscribe Catalyst 9300l-24p-4x-a Subscribe Catalyst 9300l-24p-4x-e Subscribe Catalyst 9300l-24t-4g-a Subscribe Catalyst 9300l-24t-4g-e Subscribe Catalyst 9300l-24t-4x-a Subscribe Catalyst 9300l-24t-4x-e Subscribe Catalyst 9300l-48p-4g-a Subscribe Catalyst 9300l-48p-4g-e Subscribe Catalyst 9300l-48p-4x-a Subscribe Catalyst 9300l-48p-4x-e Subscribe Catalyst 9300l-48t-4g-a Subscribe Catalyst 9300l-48t-4g-e Subscribe Catalyst 9300l-48t-4x-a Subscribe Catalyst 9300l-48t-4x-e Subscribe Catalyst 9300l Stack Subscribe Catalyst 9300lm Subscribe Catalyst 9300x Subscribe Catalyst 9400 Subscribe Catalyst 9407r Subscribe Catalyst 9410r Subscribe Catalyst 9500 Subscribe Catalyst 9500h Subscribe Catalyst 9800 Subscribe Catalyst 9800-40 Subscribe Catalyst 9800-80 Subscribe Catalyst 9800-cl Subscribe Catalyst 9800-l Subscribe Catalyst 9800-l-c Subscribe Catalyst 9800-l-f Subscribe Ios Xe Subscribe Ios Xe Software Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2023-24410	A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webui-cmdij-FzZAeXAy

History

Wed, 17 Dec 2025 05:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'No', 'Exploitation': 'None', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 24 Oct 2024 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco ios Xe Software
CPEs		cpe:2.3:a:cisco:ios_xe_software::::::::
Vendors & Products		Cisco ios Xe Software
Metrics		ssvc `{'options': {'Automatable': 'No', 'Exploitation': 'None', 'Technical Impact': 'Total'}, 'version': '2.0.3'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-09-27T17:19:17.664Z

Updated: 2025-12-16T18:23:20.501Z

Reserved: 2022-10-27T18:47:50.369Z

Link: CVE-2023-20231

Vulnrichment

Updated: 2024-08-02T09:05:36.687Z

NVD

Status : Modified

Published: 2023-09-27T18:15:11.430

Modified: 2024-11-21T07:40:57.000

Link: CVE-2023-20231

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object