CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:::::::*
	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:::::::*

History

16 Oct 2023, 16:35

Type	Values Removed	Values Added
CPE	cpe:2.3:a:cisco:sd-wan_vmanage:20.9.3.2:::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.11.1.2:::::::*	cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:::::::* cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:::::::*
First Time		Cisco catalyst Sd-wan Manager

04 Oct 2023, 01:44

Type	Values Removed	Values Added
References	~~(MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z -~~	(MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z - Vendor Advisory
First Time		Cisco sd-wan Vmanage Cisco
CWE		CWE-287
CPE		cpe:2.3:a:cisco:sd-wan_vmanage:20.9.3.2:::::::* cpe:2.3:a:cisco:sd-wan_vmanage:20.11.1.2:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

27 Sep 2023, 18:31

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-27 18:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-20252

Mitre link : CVE-2023-20252

CVE.ORG link : CVE-2023-20252

JSON object : View

Products Affected

cisco

catalyst_sd-wan_manager

CWE

CWE-287

Improper Authentication

CWE-862

Missing Authorization

{"id": "CVE-2023-20252", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-09-27T18:15:11.553", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.\r\n\r This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application."}, {"lang": "es", "value": "Una vulnerabilidad en las API del Security Assertion Markup Language (SAML) del software Cisco Catalyst SD-WAN Manager podr\u00eda permitir que un atacante remoto no autenticado obtenga acceso no autorizado a la aplicaci\u00f3n como un usuario arbitrario. Esta vulnerabilidad se debe a comprobaciones de autenticaci\u00f3n incorrectas para las API de SAML. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando solicitudes directamente a la API SAML. Un exploit exitoso podr\u00eda permitir al atacante generar un token de autorizaci\u00f3n suficiente para obtener acceso a la aplicaci\u00f3n."}], "lastModified": "2024-01-25T17:15:41.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.9.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED698CC-E559-41E2-A970-BA6F5B7579CC"}, {"criteria": "cpe:2.3:a:cisco:catalyst_sd-wan_manager:20.11.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75FD0B3-1C01-4304-AFF1-0DE10783D6E8"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}