CVE-2023-20254 - OpenCVE

A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Sd-wan Manager

Configuration 1 [-]

OR	cpe:2.3:a:cisco:sd-wan_manager::::::::
	cpe:2.3:a:cisco:sd-wan_manager::::::::
	cpe:2.3:a:cisco:sd-wan_manager::::::::
	cpe:2.3:a:cisco:sd-wan_manager::::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-09-27T17:11:23.280Z

Updated: 2024-08-02T09:05:36.889Z

Reserved: 2022-10-27T18:47:50.372Z

Link: CVE-2023-20254

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-09-27T18:15:11.690

Modified: 2023-09-29T17:49:36.903

Link: CVE-2023-20254

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20254", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.372Z", "datePublished": "2023-09-27T17:11:23.280Z", "dateUpdated": "2024-08-02T09:05:36.889Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:58:33.089Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled.\r\n\r This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition."}], "affected": [{"vendor": "Cisco", "product": "Cisco SD-WAN vManage", "versions": [{"version": "17.2.6", "status": "affected"}, {"version": "17.2.7", "status": "affected"}, {"version": "17.2.8", "status": "affected"}, {"version": "17.2.9", "status": "affected"}, {"version": "17.2.10", "status": "affected"}, {"version": "17.2.4", "status": "affected"}, {"version": "17.2.5", "status": "affected"}, {"version": "18.3.1.1", "status": "affected"}, {"version": "18.3.3.1", "status": "affected"}, {"version": "18.3.3", "status": "affected"}, {"version": "18.3.4", "status": "affected"}, {"version": "18.3.5", "status": "affected"}, {"version": "18.3.7", "status": "affected"}, {"version": "18.3.8", "status": "affected"}, {"version": "18.3.6.1", "status": "affected"}, {"version": "18.3.1", "status": "affected"}, {"version": "18.3.0", "status": "affected"}, {"version": "18.4.0.1", "status": "affected"}, {"version": "18.4.3", "status": "affected"}, {"version": "18.4.302", "status": "affected"}, {"version": "18.4.303", "status": "affected"}, {"version": "18.4.4", "status": "affected"}, {"version": "18.4.5", "status": "affected"}, {"version": "18.4.0", "status": "affected"}, {"version": "18.4.1", "status": "affected"}, {"version": "18.4.6", "status": "affected"}, {"version": "19.2.0", "status": "affected"}, {"version": "19.2.097", "status": "affected"}, {"version": "19.2.099", "status": "affected"}, {"version": "19.2.1", "status": "affected"}, {"version": "19.2.2", "status": "affected"}, {"version": "19.2.3", "status": "affected"}, {"version": "19.2.31", "status": "affected"}, {"version": "19.2.929", "status": "affected"}, {"version": "19.2.4", "status": "affected"}, {"version": "20.1.1.1", "status": "affected"}, {"version": "20.1.12", "status": "affected"}, {"version": "20.1.1", "status": "affected"}, {"version": "20.1.2", "status": "affected"}, {"version": "20.1.3", "status": "affected"}, {"version": "19.3.0", "status": "affected"}, {"version": "19.1.0", "status": "affected"}, {"version": "18.2.0", "status": "affected"}, {"version": "20.3.1", "status": "affected"}, {"version": "20.3.2", "status": "affected"}, {"version": "20.3.2.1", "status": "affected"}, {"version": "20.3.3", "status": "affected"}, {"version": "20.3.3.1", "status": "affected"}, {"version": "20.3.4", "status": "affected"}, {"version": "20.3.4.1", "status": "affected"}, {"version": "20.3.4.2", "status": "affected"}, {"version": "20.3.5", "status": "affected"}, {"version": "20.3.6", "status": "affected"}, {"version": "20.3.7", "status": "affected"}, {"version": "20.3.7.1", "status": "affected"}, {"version": "20.3.4.3", "status": "affected"}, {"version": "20.3.5.1", "status": "affected"}, {"version": "20.3.7.2", "status": "affected"}, {"version": "20.4.1", "status": "affected"}, {"version": "20.4.1.1", "status": "affected"}, {"version": "20.4.1.2", "status": "affected"}, {"version": "20.4.2", "status": "affected"}, {"version": "20.4.2.2", "status": "affected"}, {"version": "20.4.2.1", "status": "affected"}, {"version": "20.4.2.3", "status": "affected"}, {"version": "20.5.1", "status": "affected"}, {"version": "20.5.1.2", "status": "affected"}, {"version": "20.5.1.1", "status": "affected"}, {"version": "20.6.1", "status": "affected"}, {"version": "20.6.1.1", "status": "affected"}, {"version": "20.6.2.1", "status": "affected"}, {"version": "20.6.2.2", "status": "affected"}, {"version": "20.6.2", "status": "affected"}, {"version": "20.6.3", "status": "affected"}, {"version": "20.6.3.1", "status": "affected"}, {"version": "20.6.1.2", "status": "affected"}, {"version": "20.6.3.2", "status": "affected"}, {"version": "20.6.3.3", "status": "affected"}, {"version": "20.6.3.0.45", "status": "affected"}, {"version": "20.6.3.0.46", "status": "affected"}, {"version": "20.6.3.0.47", "status": "affected"}, {"version": "20.7.1", "status": "affected"}, {"version": "20.7.1.1", "status": "affected"}, {"version": "20.7.2", "status": "affected"}, {"version": "20.8.1", "status": "affected"}, {"version": "20.9.1", "status": "affected"}, {"version": "20.9.2", "status": "affected"}, {"version": "20.9.2.1", "status": "affected"}, {"version": "20.9.3", "status": "affected"}, {"version": "20.9.3.1", "status": "affected"}, {"version": "20.9.2.3", "status": "affected"}, {"version": "20.9.3.0.12", "status": "affected"}, {"version": "20.9.3.0.16", "status": "affected"}, {"version": "20.9.3.0.17", "status": "affected"}, {"version": "20.9.3.0.18", "status": "affected"}, {"version": "20.9.3.0.20", "status": "affected"}, {"version": "20.9.3.0.21", "status": "affected"}, {"version": "20.9.3.0.23", "status": "affected"}, {"version": "20.10.1", "status": "affected"}, {"version": "20.10.1.1", "status": "affected"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z", "name": "cisco-sa-sdwan-vman-sc-LRLfu2z"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-sdwan-vman-sc-LRLfu2z", "discovery": "INTERNAL", "defects": ["CSCwf68936", "CSCwf55823"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.889Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z", "name": "cisco-sa-sdwan-vman-sc-LRLfu2z", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E6BF7AEE-61BF-488D-8439-35B85529DD45", "versionEndExcluding": "20.6.3.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFA494E8-5817-49FF-AF87-C1E5CC6A366B", "versionEndExcluding": "20.9.3.2", "versionStartIncluding": "20.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB339115-6B31-4A04-89BC-A053C964CDD4", "versionEndExcluding": "20.10.1.2", "versionStartIncluding": "20.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:sd-wan_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD884D68-559B-4169-9790-D8C6F694593E", "versionEndExcluding": "20.11.1.2", "versionStartIncluding": "20.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled.\r\n\r This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition."}, {"lang": "es", "value": "Una vulnerabilidad en el sistema de gesti\u00f3n de sesiones de la funci\u00f3n multiinquilino de Cisco Catalyst SD-WAN Manager podr\u00eda permitir que un atacante remoto autenticado acceda a otro tenant que est\u00e1 siendo administrado por la misma instancia de Cisco Catalyst SD-WAN Manager. Esta vulnerabilidad requiere que est\u00e9 habilitada la funci\u00f3n multi-tenant. Esta vulnerabilidad se debe a una gesti\u00f3n insuficiente de la sesi\u00f3n de usuario dentro del sistema Cisco Catalyst SD-WAN Manager. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud manipulada a un sistema afectado. Un exploit exitoso podr\u00eda permitir al atacante obtener acceso no autorizado a informaci\u00f3n sobre otro tenant, realizar cambios en la configuraci\u00f3n o posiblemente desconectar a un tenant, provocando una condici\u00f3n de denegaci\u00f3n de servicio."}], "id": "CVE-2023-20254", "lastModified": "2023-09-29T17:49:36.903", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-09-27T18:15:11.690", "references": [{"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}