CVE-2023-20097 - Vulnerability Details

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Cisco	Aironet 1540 Aironet 1542d Aironet 1542i Aironet 1560 Aironet 1562d Aironet 1562e Aironet 1562i Aironet 1800 Aironet 1800i Aironet 1810 Aironet 1810w Aironet 1815 Aironet 1815i Aironet 1815m Aironet 1815t Aironet 1815w Aironet 2800 Aironet 2800e Aironet 2800i Aironet 3800 Aironet 3800e Aironet 3800i Aironet 3800p Aironet 4800 Aironet Access Point Software Catalyst 9100 Catalyst 9105 Catalyst 9105ax Catalyst 9105axi Catalyst 9105axw Catalyst 9115 Catalyst 9115 Ap Catalyst 9115ax Catalyst 9115axe Catalyst 9115axi Catalyst 9117 Catalyst 9117 Ap Catalyst 9117ax Catalyst 9117axi Catalyst 9120 Catalyst 9120 Ap Catalyst 9120ax Catalyst 9120axe Catalyst 9120axi Catalyst 9120axp Catalyst 9124 Catalyst 9124ax Catalyst 9124axd Catalyst 9124axi Catalyst 9130 Catalyst 9130 Ap Catalyst 9130ax Catalyst 9130axe Catalyst 9130axi Catalyst Iw6300 Catalyst Iw6300 Ac Catalyst Iw6300 Dc Catalyst Iw6300 Dcw Esw6300 Ios Xe Wireless Lan Controller Software

Configuration 1 [-]

AND

cpe:2.3:a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:esw6300:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:a:cisco:aironet_access_point_software:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:aironet_1540:-:::::::*
	cpe:2.3:h:cisco:aironet_1542d:-:::::::*
	cpe:2.3:h:cisco:aironet_1542i:-:::::::*
	cpe:2.3:h:cisco:aironet_1560:-:::::::*
	cpe:2.3:h:cisco:aironet_1562d:-:::::::*
	cpe:2.3:h:cisco:aironet_1562e:-:::::::*
	cpe:2.3:h:cisco:aironet_1562i:-:::::::*
	cpe:2.3:h:cisco:aironet_1800:-:::::::*
	cpe:2.3:h:cisco:aironet_1800i:-:::::::*
	cpe:2.3:h:cisco:aironet_1810:-:::::::*
	cpe:2.3:h:cisco:aironet_1810w:-:::::::*
	cpe:2.3:h:cisco:aironet_1815:-:::::::*
	cpe:2.3:h:cisco:aironet_1815i:-:::::::*
	cpe:2.3:h:cisco:aironet_1815m:-:::::::*
	cpe:2.3:h:cisco:aironet_1815t:-:::::::*
	cpe:2.3:h:cisco:aironet_1815w:-:::::::*
	cpe:2.3:h:cisco:aironet_2800:-:::::::*
	cpe:2.3:h:cisco:aironet_2800e:-:::::::*
	cpe:2.3:h:cisco:aironet_2800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800:-:::::::*
	cpe:2.3:h:cisco:aironet_3800e:-:::::::*
	cpe:2.3:h:cisco:aironet_3800i:-:::::::*
	cpe:2.3:h:cisco:aironet_3800p:-:::::::*
	cpe:2.3:h:cisco:aironet_4800:-:::::::*
	cpe:2.3:h:cisco:catalyst_9100:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9105axw:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9115axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9117axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9120axp:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124axd:-:::::::*
	cpe:2.3:h:cisco:catalyst_9124axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130_ap:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130ax:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axe:-:::::::*
	cpe:2.3:h:cisco:catalyst_9130axi:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300_ac:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300_dc:-:::::::*
	cpe:2.3:h:cisco:catalyst_iw6300_dcw:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::
	cpe:2.3:o:cisco:ios_xe::::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8

History

Fri, 25 Oct 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-03-23T00:00:00

Updated: 2024-10-25T16:02:19.565Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20097

Vulnrichment

Updated: 2024-08-02T08:57:35.587Z

NVD

Status : Modified

Published: 2023-03-23T17:15:15.027

Modified: 2024-11-21T07:40:32.780

Link: CVE-2023-20097

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20097", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2024-10-25T16:02:19.565Z", "dateReserved": "2022-10-27T00:00:00", "datePublished": "2023-03-23T00:00:00"}, "containers": {"cna": {"title": "Cisco Access Point Software Command Injection Vulnerability", "datePublic": "2023-03-22T00:00:00", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-03-23T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP."}], "affected": [{"vendor": "Cisco", "product": "Cisco Aironet Access Point Software ", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20230322 Cisco Access Point Software Command Injection Vulnerability", "tags": ["vendor-advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-77", "cweId": "CWE-77"}]}], "source": {"advisory": "cisco-sa-aironetap-cmdinj-6bjT4FL8", "defect": [["CSCwc70131"]], "discovery": "INTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.587Z"}, "title": "CVE Program Container", "references": [{"name": "20230322 Cisco Access Point Software Command Injection Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-25T14:36:03.962449Z", "id": "CVE-2023-20097", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T16:02:19.565Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-20097", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "dateUpdated": "2024-10-25T16:02:19.565Z", "dateReserved": "2022-10-27T00:00:00", "datePublished": "2023-03-23T00:00:00"}, "containers": {"cna": {"title": "Cisco Access Point Software Command Injection Vulnerability", "datePublic": "2023-03-22T00:00:00", "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2023-03-23T00:00:00"}, "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP."}], "affected": [{"vendor": "Cisco", "product": "Cisco Aironet Access Point Software ", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"name": "20230322 Cisco Access Point Software Command Injection Vulnerability", "tags": ["vendor-advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-77", "cweId": "CWE-77"}]}], "source": {"advisory": "cisco-sa-aironetap-cmdinj-6bjT4FL8", "defect": [["CSCwc70131"]], "discovery": "INTERNAL"}, "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.587Z"}, "title": "CVE Program Container", "references": [{"name": "20230322 Cisco Access Point Software Command Injection Vulnerability", "tags": ["vendor-advisory", "x_transferred"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20097", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-25T14:36:03.962449Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-25T14:40:51.754Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9EA7E3F-2EA0-4B32-BCA0-0E88FC9E4F9D", "versionEndExcluding": "8.10.183.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:esw6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "09051BC5-CFE7-43EF-975D-BF77724E8776", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "386B92C5-05F3-40A8-8F35-280DD9E84169", "versionEndExcluding": "17.9.0.135", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*", "matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*", "matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*", "matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*", "matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*", "matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*", "matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC836B4D-A489-4300-B0A2-EF0B6E01E623", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*", "matchCriteriaId": "36F923CF-D4EB-48F8-821D-8BB3A69ABB62", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1810w:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D613A17-FFA9-4FF0-9C2A-AF8ACD59B765", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1815i:-:*:*:*:*:*:*:*", "matchCriteriaId": "207DC80E-499C-4CA3-8A88-F027DBC64CCF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1815m:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E3225A6-DA3C-49FE-B0F8-8AC6B7DA3347", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1815t:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E1D6F32-3F51-4C5B-97AF-1AD8917FCB07", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_1815w:-:*:*:*:*:*:*:*", "matchCriteriaId": "E09FEE6E-8169-4E90-ACF6-88BEE747D7A8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*", "matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*", "matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*", "matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*", "matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*", "matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*", "matchCriteriaId": "749040C6-A21A-4EF3-8213-42EE01CFA303", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F3CCCFE-88CC-4F7B-8958-79CA62516EA9", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9105ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "C76DACE3-7D3B-4FE6-8567-0C9D43FF7A7E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "19F93DF4-67DB-4B30-AC22-60C67DF32DB2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*", "matchCriteriaId": "59C77B06-3C22-4092-AAAB-DB099A0B16A6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*", "matchCriteriaId": "4081C532-3B10-4FBF-BB22-5BA17BC6FCF8", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "56A3430C-9AF7-4604-AD95-FCF2989E9EB0", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "36E2B891-4F41-4D0D-BAA2-0256C0565BDE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE4C56A6-E843-498A-A17B-D3D1B01E70E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "F050F416-44C3-474C-9002-321A33F288D6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FCE2220-E2E6-4A17-9F0A-2C927FAB4AA5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "C4AE36E2-E7E9-4E49-8BFF-615DACFC65C1", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "BA8798F4-35BB-4F81-9385-B0274BFAAF15", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A699C5C-CD03-4263-952F-5074B470F20E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*", "matchCriteriaId": "A47C2D6F-8F90-4D74-AFE1-EAE954021F46", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "C04889F8-3C2A-41AA-9DC9-5A4A4BBE60E7", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "5889AFA2-752E-4EDD-A837-5C003025B25C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "46D41CFE-784B-40EE-9431-8097428E5892", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D148A27-85B6-4883-96B5-343C8D32F23B", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*", "matchCriteriaId": "735CA950-672C-4787-8910-48AD07868FDE", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*", "matchCriteriaId": "C11EF240-7599-4138-B7A7-17E4479F5B83", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "53852300-C1D2-4F84-B8DA-4EDBCB374075", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*", "matchCriteriaId": "E987C945-4D6D-4BE5-B6F0-784B7E821D11", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "B434C6D7-F583-4D2B-9275-38A5EC4ECC30", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*", "matchCriteriaId": "E1C8E35A-5A9B-4D56-A753-937D5CFB5B19", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130_ap:-:*:*:*:*:*:*:*", "matchCriteriaId": "248A3FFC-C33C-4336-A37C-67B6046556E5", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "5CADEB5A-5147-4420-A825-BAB07BD60AA2", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*", "matchCriteriaId": "4EC1F736-6240-4FA2-9FEC-D8798C9D287C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*", "matchCriteriaId": "169E5354-07EA-4639-AB4B-20D2B9DE784C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*", "matchCriteriaId": "C559D6F7-B432-4A2A-BE0E-9697CC412C70", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_iw6300_ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "23153AA4-B169-4421-BFF8-873205FC9C21", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_iw6300_dc:-:*:*:*:*:*:*:*", "matchCriteriaId": "67DC3B71-B64D-4C49-B089-B274FA34ECB6", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:catalyst_iw6300_dcw:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F857465-314F-4124-9835-8A269486D654", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "matchCriteriaId": "810472FD-52DE-4694-98FA-1AD858BEC895", "versionEndExcluding": "16.12.8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "matchCriteriaId": "55C1CD64-ADE0-453F-9E0B-EA952F743892", "versionEndExcluding": "17.3.6", "versionStartIncluding": "17.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "matchCriteriaId": "612EB810-AB85-49D4-BB5C-C03E2B1A0B43", "versionEndExcluding": "17.6.5", "versionStartIncluding": "17.4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F4C5572-9D7D-405C-AF93-DF9FF07F92F7", "versionEndExcluding": "17.9.2", "versionStartIncluding": "17.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP."}], "id": "CVE-2023-20097", "lastModified": "2024-11-21T07:40:32.780", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 2.7, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-23T17:15:15.027", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object