CVE-2023-20254
27.09.2023, 18:15
A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| cisco | sd-wan_manager | 𝑥 < 20.6.3.4 |
| cisco | sd-wan_manager | 20.7 ≤ 𝑥 < 20.9.3.2 |
| cisco | sd-wan_manager | 20.10 ≤ 𝑥 < 20.10.1.2 |
| cisco | sd-wan_manager | 20.11 ≤ 𝑥 < 20.11.1.2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| cisco | catalyst_sd-wan_manager | 17.2.10 ≤ 𝑥 ≤ 20.9.3.1 | ADP |
| cisco | sd-wan_vmanage | 17.2.6 | CNA |
| cisco | sd-wan_vmanage | 17.2.7 | CNA |
| cisco | sd-wan_vmanage | 17.2.8 | CNA |
| cisco | sd-wan_vmanage | 17.2.9 | CNA |
| cisco | sd-wan_vmanage | 17.2.10 | CNA |
| cisco | sd-wan_vmanage | 17.2.4 | CNA |
| cisco | sd-wan_vmanage | 17.2.5 | CNA |
| cisco | sd-wan_vmanage | 18.3.1.1 | CNA |
| cisco | sd-wan_vmanage | 18.3.3.1 | CNA |
| cisco | sd-wan_vmanage | 18.3.3 | CNA |
| cisco | sd-wan_vmanage | 18.3.4 | CNA |
| cisco | sd-wan_vmanage | 18.3.5 | CNA |
| cisco | sd-wan_vmanage | 18.3.7 | CNA |
| cisco | sd-wan_vmanage | 18.3.8 | CNA |
| cisco | sd-wan_vmanage | 18.3.6.1 | CNA |
| cisco | sd-wan_vmanage | 18.3.1 | CNA |
| cisco | sd-wan_vmanage | 18.3.0 | CNA |
| cisco | sd-wan_vmanage | 18.4.0.1 | CNA |
| cisco | sd-wan_vmanage | 18.4.3 | CNA |
| cisco | sd-wan_vmanage | 18.4.302 | CNA |
| cisco | sd-wan_vmanage | 18.4.303 | CNA |
| cisco | sd-wan_vmanage | 18.4.4 | CNA |
| cisco | sd-wan_vmanage | 18.4.5 | CNA |
| cisco | sd-wan_vmanage | 18.4.0 | CNA |
| cisco | sd-wan_vmanage | 18.4.1 | CNA |
| cisco | sd-wan_vmanage | 18.4.6 | CNA |
| cisco | sd-wan_vmanage | 19.2.0 | CNA |
| cisco | sd-wan_vmanage | 19.2.97 | CNA |
| cisco | sd-wan_vmanage | 19.2.99 | CNA |
| cisco | sd-wan_vmanage | 19.2.1 | CNA |
| cisco | sd-wan_vmanage | 19.2.2 | CNA |
| cisco | sd-wan_vmanage | 19.2.3 | CNA |
| cisco | sd-wan_vmanage | 19.2.31 | CNA |
| cisco | sd-wan_vmanage | 19.2.929 | CNA |
| cisco | sd-wan_vmanage | 19.2.4 | CNA |
| cisco | sd-wan_vmanage | 20.1.1.1 | CNA |
| cisco | sd-wan_vmanage | 20.1.12 | CNA |
| cisco | sd-wan_vmanage | 20.1.1 | CNA |
| cisco | sd-wan_vmanage | 20.1.2 | CNA |
| cisco | sd-wan_vmanage | 20.1.3 | CNA |
| cisco | sd-wan_vmanage | 19.3.0 | CNA |
| cisco | sd-wan_vmanage | 19.1.0 | CNA |
| cisco | sd-wan_vmanage | 18.2.0 | CNA |
| cisco | sd-wan_vmanage | 20.3.1 | CNA |
| cisco | sd-wan_vmanage | 20.3.2 | CNA |
| cisco | sd-wan_vmanage | 20.3.2.1 | CNA |
| cisco | sd-wan_vmanage | 20.3.3 | CNA |
| cisco | sd-wan_vmanage | 20.3.3.1 | CNA |
| cisco | sd-wan_vmanage | 20.3.4 | CNA |
| cisco | sd-wan_vmanage | 20.3.4.1 | CNA |
| cisco | sd-wan_vmanage | 20.3.4.2 | CNA |
| cisco | sd-wan_vmanage | 20.3.5 | CNA |
| cisco | sd-wan_vmanage | 20.3.6 | CNA |
| cisco | sd-wan_vmanage | 20.3.7 | CNA |
| cisco | sd-wan_vmanage | 20.3.7.1 | CNA |
| cisco | sd-wan_vmanage | 20.3.4.3 | CNA |
| cisco | sd-wan_vmanage | 20.3.5.1 | CNA |
| cisco | sd-wan_vmanage | 20.3.7.2 | CNA |
| cisco | sd-wan_vmanage | 20.4.1 | CNA |
| cisco | sd-wan_vmanage | 20.4.1.1 | CNA |
| cisco | sd-wan_vmanage | 20.4.1.2 | CNA |
| cisco | sd-wan_vmanage | 20.4.2 | CNA |
| cisco | sd-wan_vmanage | 20.4.2.2 | CNA |
| cisco | sd-wan_vmanage | 20.4.2.1 | CNA |
| cisco | sd-wan_vmanage | 20.4.2.3 | CNA |
| cisco | sd-wan_vmanage | 20.5.1 | CNA |
| cisco | sd-wan_vmanage | 20.5.1.2 | CNA |
| cisco | sd-wan_vmanage | 20.5.1.1 | CNA |
| cisco | sd-wan_vmanage | 20.6.1 | CNA |
| cisco | sd-wan_vmanage | 20.6.1.1 | CNA |
| cisco | sd-wan_vmanage | 20.6.2.1 | CNA |
| cisco | sd-wan_vmanage | 20.6.2.2 | CNA |
| cisco | sd-wan_vmanage | 20.6.2 | CNA |
| cisco | sd-wan_vmanage | 20.6.3 | CNA |
| cisco | sd-wan_vmanage | 20.6.3.1 | CNA |
| cisco | sd-wan_vmanage | 20.6.1.2 | CNA |
| cisco | sd-wan_vmanage | 20.6.3.2 | CNA |
| cisco | sd-wan_vmanage | 20.6.3.3 | CNA |
| cisco | sd-wan_vmanage | 20.6.3.0.45 | CNA |
| cisco | sd-wan_vmanage | 20.6.3.0.46 | CNA |
| cisco | sd-wan_vmanage | 20.6.3.0.47 | CNA |
| cisco | sd-wan_vmanage | 20.7.1 | CNA |
| cisco | sd-wan_vmanage | 20.7.1.1 | CNA |
| cisco | sd-wan_vmanage | 20.7.2 | CNA |
| cisco | sd-wan_vmanage | 20.8.1 | CNA |
| cisco | sd-wan_vmanage | 20.9.1 | CNA |
| cisco | sd-wan_vmanage | 20.9.2 | CNA |
| cisco | sd-wan_vmanage | 20.9.2.1 | CNA |
| cisco | sd-wan_vmanage | 20.9.3 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.1 | CNA |
| cisco | sd-wan_vmanage | 20.9.2.3 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.0.12 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.0.16 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.0.17 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.0.18 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.0.20 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.0.21 | CNA |
| cisco | sd-wan_vmanage | 20.9.3.0.23 | CNA |
| cisco | sd-wan_vmanage | 20.10.1 | CNA |
| cisco | sd-wan_vmanage | 20.10.1.1 | CNA |
Common Weakness Enumeration