- 243/2023
- Critical
Cisco has released security updates to fix several vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to execute arbitrary commands, perform denial of service attacks, bypass security restrictions, or gain access to the affected products by various techniques such as sending specially crafted input to the web UI or sending requests directly to the SAML APIs.
Sample of the addressed vulnerabilities:
1. Cisco Catalyst SD-WAN Manager Security Bypass Vulnerability (CVE-2023- 20252):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Cisco IOS XE Software Command Execution Vulnerability (CVE-2023-20231):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.