CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:::::::*

History

21 Nov 2024, 07:40

Type	Values Removed	Values Added
References	~~() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z - Vendor Advisory~~	() https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z - Vendor Advisory

25 Jan 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-27 18:15

Updated : 2024-11-21 07:40

NVD link : CVE-2023-20252

Mitre link : CVE-2023-20252

CVE.ORG link : CVE-2023-20252

JSON object : View

Products Affected

cisco

catalyst_sd-wan_manager

CWE

CWE-862

Missing Authorization

CWE-287

Improper Authentication

{"id": "CVE-2023-20252", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-27T18:15:11.553", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-862"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.\r\n\r This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application."}, {"lang": "es", "value": "Una vulnerabilidad en las API del Security Assertion Markup Language (SAML) del software Cisco Catalyst SD-WAN Manager podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso no autorizado a la aplicaci\u00f3n como un usuario arbitrario. Esta vulnerabilidad se debe a comprobaciones de autenticaci\u00f3n incorrectas para las API de SAML. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando solicitudes directamente a la API SAML. Un exploit exitoso podr\u00eda permitir al atacante generar un token de autorizaci\u00f3n suficiente para obtener acceso a la aplicaci\u00f3n."}], "lastModified": "2024-11-21T07:40:59.973", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED698CC-E559-41E2-A970-BA6F5B7579CC"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75FD0B3-1C01-4304-AFF1-0DE10783D6E8"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}