CVSS 3.1 Score 6.5 of 10 (medium)


Published Oct 18, 2023
Updated: Jan 25, 2024
CWE ID 284


CVE-2023-20261 is a vulnerability in the web UI of Cisco Catalyst SD-WAN Manager that could allow an authenticated, remote attacker to retrieve arbitrary files from the affected system. The vulnerability occurs due to improper validation of parameters sent to the web UI. An attacker can exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests through the web UI. To exploit this vulnerability, the attacker must have authenticated access. The affected products include various versions of tzob, tCwJW, and tHubT. The potential danger lies in an attacker being able to obtain arbitrary files from the underlying Linux file system of an affected system, posing a risk to confidentiality. The vulnerability has a CVSS base score of 6.5 and is classified as medium severity.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-20261 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options