- 30/2023
- High
Cisco has released security updates to address several vulnerabilities in multiple Cisco products.
The released security updates fix several vulnerabilities affecting multiple Cisco products such as Cisco IOS XE Software, 800 Series Industrial ISRs, Catalyst Access Points (COS-APs), CGR1000 Compute Modules, RV340 Dual WAN Gigabit VPN Routers, RV340W Dual WAN Gigabit Wireless-AC VPN Routers, RV345 Dual WAN Gigabit VPN Routers, RV345P Dual WAN Gigabit POE VPN Routers, Cisco ISE, Cisco Prime Infrastructure Software.
The addressed vulnerabilities could allow the remote attacker to perform various attacks such as: executing arbitrary commands on the affected system by using a specially-crafted activation payload file or executing a script in a victim’s web browser by using a specially-crafted URL.
Sample of the addressed vulnerabilities:
1. Cisco IOS XE Software Command Execution (CVE-2023-20076):
• CVSS: 7.2
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: High
• User Interaction: None
• Consequences: Gain Access
2. Cisco Prime Infrastructure Cross-Site Scripting (CVE-2023-20068):
• CVSS: 6.1
• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: Required
• Consequences: Cross-Site Scripting
Vulnerabilities
- CVE-2023-20076
- CVE-2023-20068
- CVE-2023-20073
- CVE-2023-20030
- CVE-2023-20021
- CVE-2023-20022
- CVE-2023-20023
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.