CVE-2023-20097: Cisco Access Point Software Command Injection Vulnerability
First published: Thu Mar 23 2023(Updated: )
A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Wireless LAN Controller software 7.1 | <8.10.183.0 | |
| Cisco ESW6300 Firmware | ||
| Cisco Access Point Software | <17.9.0.135 | |
| Cisco Aironet 1540 Firmware | ||
| Cisco Aironet 1542D | ||
| Cisco Aironet 1542i Firmware | ||
| Cisco Aironet 1560 | ||
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1562E Firmware | ||
| Cisco Aironet 1562 firmware | ||
| Cisco Aironet 1800 Firmware | ||
| Cisco Aironet 1800i Firmware | ||
| Cisco Aironet 1810 | ||
| Cisco Aironet 1810w | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 1815 Firmware | ||
| Cisco Aironet 2800 | ||
| Cisco Aironet 2800e Firmware | ||
| Cisco Aironet 2800 Firmware | ||
| Cisco Aironet 3800p | ||
| Cisco Aironet 3800E Firmware | ||
| Cisco Aironet 3800 Firmware | ||
| Cisco Aironet 3800P Firmware | ||
| Cisco Aironet 4800 Firmware | ||
| Cisco Catalyst 9100 firmware | ||
| Cisco Catalyst 9000 Family Switches | ||
| Cisco Catalyst 9105 Firmware | ||
| Cisco Catalyst 9105 Firmware | ||
| Cisco Catalyst 9105AX | ||
| Cisco Catalyst 9115 Firmware | ||
| Cisco Catalyst 9115axi | ||
| Cisco Catalyst 9115 AP Firmware | ||
| Cisco Catalyst 9115 AP Firmware | ||
| Cisco Catalyst 9115AXI | ||
| Cisco Catalyst 9117 Firmware | ||
| Cisco Catalyst 9117 | ||
| Cisco Catalyst 9117AX Firmware | ||
| Cisco Catalyst 9117AX | ||
| Cisco Catalyst 9120 Access Point Firmware | ||
| Cisco Catalyst 9120 | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9120 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9124 Firmware | ||
| Cisco Catalyst 9130 Access Point Firmware | ||
| Cisco Catalyst 9130 | ||
| Cisco Catalyst 9130 Firmware | ||
| Cisco Catalyst 9130 Firmware | ||
| Cisco Catalyst 9130 Firmware | ||
| Cisco Catalyst IW6300 AC Firmware | ||
| Cisco Catalyst IW6300 | ||
| Cisco Catalyst IW6300 | ||
| Cisco Catalyst IW6300 | ||
| Cisco IOS XE | <16.12.8 | |
| Cisco IOS XE | >=17.1<17.3.6 | |
| Cisco IOS XE | >=17.4<17.6.5 | |
| Cisco IOS XE | >=17.7<17.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-20097?
CVE-2023-20097 is a vulnerability in Cisco access points (AP) software that allows an authenticated local attacker to inject and execute arbitrary commands with root privileges.
How does CVE-2023-20097 affect Cisco wireless LAN controller software?
Cisco wireless LAN controller software versions up to 8.10.183.0 are affected by CVE-2023-20097.
Which Cisco Aironet Access Point Software versions are affected by CVE-2023-20097?
Cisco Aironet Access Point Software versions up to 17.9.0.135 are affected by CVE-2023-20097.
What is the severity of CVE-2023-20097?
CVE-2023-20097 has a severity rating of 6.7 (medium).
Where can I find more information about CVE-2023-20097?
More information about CVE-2023-20097 can be found at the Cisco Security Advisory at the following link: [Cisco Security Advisory](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8).
- agent/weakness
- agent/type
- agent/author
- agent/references
- agent/description
- agent/title
- agent/severity
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco wireless lan controller software 7.1
- canonical/cisco esw6300 firmware
- canonical/cisco access point software
- canonical/cisco aironet 1540 firmware
- canonical/cisco aironet 1542d
- canonical/cisco aironet 1542i firmware
- canonical/cisco aironet 1560
- canonical/cisco aironet 1562 firmware
- canonical/cisco aironet 1562e firmware
- canonical/cisco aironet 1800 firmware
- canonical/cisco aironet 1800i firmware
- canonical/cisco aironet 1810
- canonical/cisco aironet 1810w
- canonical/cisco aironet 1815 firmware
- canonical/cisco aironet 2800
- canonical/cisco aironet 2800e firmware
- canonical/cisco aironet 2800 firmware
- canonical/cisco aironet 3800p
- canonical/cisco aironet 3800e firmware
- canonical/cisco aironet 3800 firmware
- canonical/cisco aironet 3800p firmware
- canonical/cisco aironet 4800 firmware
- canonical/cisco catalyst 9100 firmware
- canonical/cisco catalyst 9000 family switches
- canonical/cisco catalyst 9105 firmware
- canonical/cisco catalyst 9105ax
- canonical/cisco catalyst 9115 firmware
- canonical/cisco catalyst 9115axi
- canonical/cisco catalyst 9115 ap firmware
- canonical/cisco catalyst 9117 firmware
- canonical/cisco catalyst 9117
- canonical/cisco catalyst 9117ax firmware
- canonical/cisco catalyst 9117ax
- canonical/cisco catalyst 9120 access point firmware
- canonical/cisco catalyst 9120
- canonical/cisco catalyst 9120 firmware
- canonical/cisco catalyst 9124 firmware
- canonical/cisco catalyst 9130 access point firmware
- canonical/cisco catalyst 9130
- canonical/cisco catalyst 9130 firmware
- canonical/cisco catalyst iw6300 ac firmware
- canonical/cisco catalyst iw6300
- canonical/cisco ios xe
- version/cisco ios xe/17.1
- version/cisco ios xe/17.4
- version/cisco ios xe/17.7