A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required High
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact High
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is in the KEV database since Oct. 23, 2023.
Exploitation Active
Automatable No
Technical Impact Total
Affected Vendors & Products
Vendors | Products |
---|---|
Cisco |
|
Configuration 1 [-]
|
Configuration 2 [-]
AND |
|
No data.
References
History
Wed, 23 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2023-10-24T14:13:36.311Z
Updated: 2024-10-23T18:57:38.005Z
Reserved: 2022-10-27T18:47:50.373Z
Link: CVE-2023-20273
Vulnrichment
Updated: 2024-08-02T09:05:36.250Z
NVD
Status : Modified
Published: 2023-10-25T18:17:23.017
Modified: 2024-11-21T07:41:03.110
Link: CVE-2023-20273
Redhat
No data.