Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2023-20179

Опубликовано: 27 сент. 2023
Источник: nvd
CVSS3: 4.3
CVSS3: 5.4
EPSS Низкий

Описание

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.

This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
Версия до 20.6.6 (исключая)
cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*
Версия от 20.7 (включая) до 20.10 (исключая)

EPSS

Процентиль: 24%
0.00081
Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80
CWE-79

Связанные уязвимости

github логотип

GHSA-6g9h-226r-qp89

CVSS3: 4.3
github
больше 2 лет назад

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.

fstec логотип

BDU:2023-06247

CVSS3: 4.3
fstec
больше 3 лет назад

Уязвимость веб-интерфейса управления централизованной системы управления сетью Cisco Catalyst SD-WAN Manager (ранее Cisco SD-WAN vManage), позволяющая нарушителю проводить межсайтовые сценарные атаки

EPSS

Процентиль: 24%
0.00081
Низкий

4.3 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80
CWE-79