CVE-2023-20254

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 27, 2023

Updated: Sep 29, 2023

CWE ID 732

Summary

CVE-2023-20254 is a vulnerability affecting the session management system in Cisco Catalyst SD-WAN Manager's multi-tenant feature. An authenticated, remote attacker can exploit this issue, which arises from insufficient user session management, to gain unauthorized access to another tenant managed by the same instance. The multi-tenant feature must be enabled for this vulnerability to be exploited. Successful exploitation could result in unauthorized access to tenant information, configuration changes, or a denial of service condition.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sz-W5-
https://www.cve.org/CVERecord?id=CVE-2023-20254
https://nvd.nist.gov/vuln/detail/CVE-2023-20254

Back to Vulnerability Database

CVE-2023-20254

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations