CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.8%

CVSS Severity

CVSS v3 Score 9.8

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

Products affected by CVE-2023-20252

Cisco » Catalyst Sd-Wan Manager » Version: 20.11.1.2

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2
Cisco » Catalyst Sd-Wan Manager » Version: 20.9.3.2

cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-20252

Products

Pricing

Contact Us