Vulnerability Description
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ios Xe Sd-Wan | - |
| Cisco | Catalyst 8000V Edge | - |
| Cisco | 1100-4G\/6G Integrated Services Router | - |
| Cisco | 1100-4P Integrated Services Router | - |
| Cisco | 1100-8P Integrated Services Router | - |
| Cisco | 1100 Integrated Services Router | - |
| Cisco | 1101-4P Integrated Services Router | - |
| Cisco | 1101 Integrated Services Router | - |
| Cisco | 1109-2P Integrated Services Router | - |
| Cisco | 1109-4P Integrated Services Router | - |
| Cisco | 1109 Integrated Services Router | - |
| Cisco | 1120 Integrated Services Router | - |
| Cisco | 1131 Integrated Services Router | - |
| Cisco | 1160 Integrated Services Router | - |
| Cisco | 4221 Integrated Services Router | - |
| Cisco | 4321 Integrated Services Router | - |
| Cisco | 4331 Integrated Services Router | - |
| Cisco | 4351 Integrated Services Router | - |
| Cisco | 4431 Integrated Services Router | - |
| Cisco | 4451-X Integrated Services Router | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
FAQ
What is CVE-2023-20035?
CVE-2023-20035 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficien...
How severe is CVE-2023-20035?
CVE-2023-20035 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20035?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ios Xe Sd-Wan, Cisco Catalyst 8000V Edge, Cisco 1100-4G\/6G Integrated Services Router, Cisco 1100-4P Integrated Services Router, Cisco 1100-8P Integrated Services Router.