CVE-2023-20262
Published: Sep 27, 2023
Modified: Aug 2, 2024
CVSS v3.1
5.3
Description
A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service.
| Vendor | Product | Versions |
|---|---|---|
Cisco | Cisco SD-WAN Solution | affected 17.2.4affected 17.2.5affected 17.2.6affected 17.2.7affected 17.2.8+86 more versions |
Cisco | Cisco SD-WAN vManage | affected 17.2.6affected 17.2.7affected 17.2.8affected 17.2.9affected 17.2.10+70 more versions |
Cisco | Cisco SD-WAN vSmart | affected N/A |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now