CVE-2023-20113 MEDIUM

CVE-2023-20113: Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability

Vendor Cisco

Product Cisco SD-WAN vManage

Weakness CWE-352 · CSRF

Published March 23, 2023

Last update October 28, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts.

Key dates

02Disclosure timeline

March 23, 2023 CVE published

October 28, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-20113 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

CVE-2023-20113: Cisco SD-WAN vManage Software Cross-Site Request Forgery Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE