What is the vulnerability ID of this vulnerability?

The vulnerability ID is CVE-2023-20262.

What is the severity of the vulnerability?

The severity of the vulnerability is high with a severity value of 7.5.

What is the affected software?

The affected software is Cisco SD-WAN vManage versions up to 20.3.7, versions between 20.4 and 20.9.3, versions between 20.10 and 20.11.1, and version 20.12.

Is web UI access affected by this vulnerability?

No, web UI access is not affected by this vulnerability.

Vulnerability/
CVE-2023-20262

high

7.5

CWE

399

27/9/2023

2/8/2024

CVE-2023-20262

Q: What does this vulnerability allow an attacker to do?

This vulnerability allows an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only.

First published: Wed Sep 27 2023(Updated: )

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Catalyst SD-WAN Manager	>=20.4<20.9.3
Cisco SD-WAN vManage	<20.3.7
Cisco SD-WAN vManage	>=20.10<20.11.1
Cisco SD-WAN vManage	=20.12

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

Frequently Asked Questions

What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2023-20262.
What is the severity of the vulnerability?
The severity of the vulnerability is high with a severity value of 7.5.
What is the affected software?
The affected software is Cisco SD-WAN vManage versions up to 20.3.7, versions between 20.4 and 20.9.3, versions between 20.10 and 20.11.1, and version 20.12.
What does this vulnerability allow an attacker to do?
This vulnerability allows an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only.
Is web UI access affected by this vulnerability?
No, web UI access is not affected by this vulnerability.

collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/cisco
canonical/cisco catalyst sd-wan manager
version/cisco catalyst sd-wan manager/20.4
canonical/cisco sd-wan vmanage
version/cisco sd-wan vmanage/20.10
version/cisco sd-wan vmanage/20.12

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.