medium
6.7
CWE
77 20
Advisory Published
Updated

CVE-2023-20097: Cisco Access Point Software Command Injection Vulnerability

First published: Thu Mar 23 2023(Updated: )

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.

Credit: ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Wireless LAN Controller Software<8.10.183.0
Cisco Esw6300
Cisco Aironet Access Point Software<17.9.0.135
Cisco Aironet 1540
Cisco Aironet 1542d
Cisco Aironet 1542i
Cisco Aironet 1560
Cisco Aironet 1562d
Cisco Aironet 1562e
Cisco Aironet 1562i
Cisco Aironet 1800
Cisco Aironet 1800i
Cisco Aironet 1810
Cisco Aironet 1810w
Cisco Aironet 1815
Cisco Aironet 1815i
Cisco Aironet 1815m
Cisco Aironet 1815t
Cisco Aironet 1815w
Cisco Aironet 2800
Cisco Aironet 2800e
Cisco Aironet 2800i
Cisco Aironet 3800
Cisco Aironet 3800e
Cisco Aironet 3800i
Cisco Aironet 3800p
Cisco Aironet 4800
Cisco Catalyst 9100
Cisco Catalyst 9105
Cisco Catalyst 9105ax
Cisco Catalyst 9105axi
Cisco Catalyst 9105axw
Cisco Catalyst 9115
Cisco Catalyst 9115 Ap
Cisco Catalyst 9115ax
Cisco Catalyst 9115axe
Cisco Catalyst 9115axi
Cisco Catalyst 9117
Cisco Catalyst 9117 Ap
Cisco Catalyst 9117ax
Cisco Catalyst 9117axi
Cisco Catalyst 9120
Cisco Catalyst 9120 Ap
Cisco Catalyst 9120ax
Cisco Catalyst 9120axe
Cisco Catalyst 9120axi
Cisco Catalyst 9120axp
Cisco Catalyst 9124
Cisco Catalyst 9124ax
Cisco Catalyst 9124axd
Cisco Catalyst 9124axi
Cisco Catalyst 9130
Cisco Catalyst 9130 Ap
Cisco Catalyst 9130ax
Cisco Catalyst 9130axe
Cisco Catalyst 9130axi
Cisco Catalyst Iw6300
Cisco Catalyst Iw6300 Ac
Cisco Catalyst Iw6300 Dc
Cisco Catalyst Iw6300 Dcw
Cisco IOS XE<16.12.8
Cisco IOS XE>=17.1<17.3.6
Cisco IOS XE>=17.4<17.6.5
Cisco IOS XE>=17.7<17.9.2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2023-20097?

    CVE-2023-20097 is a vulnerability in Cisco access points (AP) software that allows an authenticated local attacker to inject and execute arbitrary commands with root privileges.

  • How does CVE-2023-20097 affect Cisco wireless LAN controller software?

    Cisco wireless LAN controller software versions up to 8.10.183.0 are affected by CVE-2023-20097.

  • Which Cisco Aironet Access Point Software versions are affected by CVE-2023-20097?

    Cisco Aironet Access Point Software versions up to 17.9.0.135 are affected by CVE-2023-20097.

  • What is the severity of CVE-2023-20097?

    CVE-2023-20097 has a severity rating of 6.7 (medium).

  • Where can I find more information about CVE-2023-20097?

    More information about CVE-2023-20097 can be found at the Cisco Security Advisory at the following link: [Cisco Security Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8).

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203