CVE-2023-20252
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.
This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.
Una vulnerabilidad en las API del Security Assertion Markup Language (SAML) del software Cisco Catalyst SD-WAN Manager podría permitir que un atacante remoto no autenticado obtenga acceso no autorizado a la aplicación como un usuario arbitrario. Esta vulnerabilidad se debe a comprobaciones de autenticación incorrectas para las API de SAML. Un atacante podría aprovechar esta vulnerabilidad enviando solicitudes directamente a la API SAML. Un exploit exitoso podría permitir al atacante generar un token de autorización suficiente para obtener acceso a la aplicación.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2022-10-27 CVE Reserved
- 2023-09-27 CVE Published
- 2024-10-23 CVE Updated
- 2024-10-29 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
- CWE-862: Missing Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Catalyst Sd-wan Manager Search vendor "Cisco" for product "Catalyst Sd-wan Manager" | 20.9.3.2 Search vendor "Cisco" for product "Catalyst Sd-wan Manager" and version "20.9.3.2" | - |
Affected
| ||||||
Cisco Search vendor "Cisco" | Catalyst Sd-wan Manager Search vendor "Cisco" for product "Catalyst Sd-wan Manager" | 20.11.1.2 Search vendor "Cisco" for product "Catalyst Sd-wan Manager" and version "20.11.1.2" | - |
Affected
|