Description

The Cisco IOS XE Web UI has an authentication bypass vulnerability. An unauthenticated attacker can bypass the authentication with a specially crafted HTTP request and get full access to the system.

Remediation

Upgrade to the latest version of Cisco IOS XE

References

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Cisco IOS XE CVE-2023-20198: Deep Dive and POC

Related Vulnerabilities

Ruby Inefficient Regular Expression Complexity Vulnerability (CVE-2023-28756)

PostgreSQL CVE-2018-1058 Vulnerability (CVE-2018-1058)

Oracle HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2022-25313)

Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)

Oracle Database Server CVE-2014-0377 Vulnerability (CVE-2014-0377)

Severity

Critical

Classification

CVE-2023-20198 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Authentication Bypass Known Vulnerabilities