- 95/2023
- Critical
Cisco released security updates to address several vulnerabilities affecting multiple Cisco products.
The addressed vulnerabilities could allow the remote attacker to bypass security restrictions, escalate privileges, gain access, or cause a denial of service attack on the affected systems.
Samples of the addressed vulnerabilities:
1. Cisco Modeling Labs External Authentication Bypass Vulnerability (CVE-2023-20154):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Cisco StarOS Software Key-Based SSH Authentication Privilege Escalation Vulnerability (CVE-2023-20046):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- Cisco SD-WAN vManage software.
- Cisco Modeling Labs Enterprise.
- Cisco BroadWorks Network Server.
- Cisco Industrial Network Director (IND).
Vulnerabilities
Mitigations
The enterprise should deploy patches as soon as the testing phase is completed.