CVSS 3.1 Score 7.2 of 10 (high)


Published: Sep 27, 2023
Updated: Sep 29, 2023
CWE ID 732


CVE-2023-20254 is a vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature. This vulnerability allows an authenticated, remote attacker to access another tenant managed by the same instance of Cisco Catalyst SD-WAN Manager. The vulnerability requires the multi-tenant feature to be enabled. The attacker can exploit this vulnerability by sending a crafted request to the affected system, potentially gaining unauthorized access to information, making configuration changes, or causing a denial of service condition. The base severity of this vulnerability is rated as HIGH and it has a CVSS score of 7.2 out of 10. It affects products such as s1k-u-, Qher0F, and ejMqN-. To remediate this vulnerability, users should apply the latest security updates provided by Cisco.
