CVE-2023-20252 - OpenCVE

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Catalyst Sd-wan Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-09-27T17:17:38.087Z

Updated: 2024-08-02T09:05:36.846Z

Reserved: 2022-10-27T18:47:50.372Z

Link: CVE-2023-20252

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-09-27T18:15:11.553

Modified: 2024-01-25T17:15:41.360

Link: CVE-2023-20252

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20252", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.372Z", "datePublished": "2023-09-27T17:17:38.087Z", "dateUpdated": "2024-08-02T09:05:36.846Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:58:32.419Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.\r\n\r This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application."}], "affected": [{"vendor": "Cisco", "product": "Cisco SD-WAN vManage", "versions": [{"version": "20.9.3.2", "status": "affected"}, {"version": "20.11.1.2", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Missing Authorization", "type": "cwe", "cweId": "CWE-862"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z", "name": "cisco-sa-sdwan-vman-sc-LRLfu2z"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-sdwan-vman-sc-LRLfu2z", "discovery": "INTERNAL", "defects": ["CSCwh03202"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.846Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z", "name": "cisco-sa-sdwan-vman-sc-LRLfu2z", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "EED698CC-E559-41E2-A970-BA6F5B7579CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "D75FD0B3-1C01-4304-AFF1-0DE10783D6E8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.\r\n\r This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application."}, {"lang": "es", "value": "Una vulnerabilidad en las API del Security Assertion Markup Language (SAML) del software Cisco Catalyst SD-WAN Manager podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso no autorizado a la aplicaci\u00f3n como un usuario arbitrario. Esta vulnerabilidad se debe a comprobaciones de autenticaci\u00f3n incorrectas para las API de SAML. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando solicitudes directamente a la API SAML. Un exploit exitoso podr\u00eda permitir al atacante generar un token de autorizaci\u00f3n suficiente para obtener acceso a la aplicaci\u00f3n."}], "id": "CVE-2023-20252", "lastModified": "2024-01-25T17:15:41.360", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-09-27T18:15:11.553", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}