Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-20262

A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service.

Published

2023-09-27T18:15:11.757

Last Modified

2024-11-21T07:41:01.443

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-399
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	cisco	catalyst_sd-wan_manager	< 20.9.3	Yes
Application	cisco	sd-wan_vmanage	< 20.3.7	Yes
Application	cisco	sd-wan_vmanage	< 20.11.1	Yes
Application	cisco	sd-wan_vmanage	20.12	Yes

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z Vendor Advisory ([email protected])
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)