CVE-2023-20231
HIGH
Published 2023-09-27T17:19:17.664Z
Actions:
CVSS Score
V3.1
8.8
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.001
probability
of exploitation in the wild
There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.481
Higher than 48.1% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.
Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
16.12.8
16.12.4
16.12.4a
16.12.5
16.12.6
16.12.5a
16.12.5b
16.12.6a
16.12.7
16.12.9
17.2.2
17.2.3
17.3.1
17.3.2
17.3.3
17.3.1a
17.3.1w
17.3.2a
17.3.1x
17.3.1z
17.3.4
17.3.5
17.3.4a
17.3.6
17.3.4b
17.3.4c
17.3.5a
17.3.5b
17.4.1
17.4.2
17.4.1a
17.4.1b
17.4.2a
17.5.1
17.5.1a
17.5.1b
17.5.1c
17.6.1
17.6.2
17.6.1w
17.6.1a
17.6.1x
17.6.3
17.6.1y
17.6.1z
17.6.3a
17.6.4
17.6.1z1
17.6.5
17.6.5a
17.7.1
17.7.1a
17.7.1b
17.7.2
17.10.1
17.10.1a
17.10.1b
17.8.1
17.8.1a
17.9.1
17.9.1w
17.9.2
17.9.1a
17.9.1x
17.9.1y
17.9.2a
17.9.1x1
Published: 2023-09-27T17:19:17.664Z
Last Modified: 2024-10-24T16:43:47.359Z
Copied to clipboard!