Description

The Cisco IOS XE Web UI has an authentication bypass vulnerability. An unauthenticated attacker can bypass the authentication with a specially crafted HTTP request and get full access to the system.

Remediation

Upgrade to the latest version of Cisco IOS XE

References

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Cisco IOS XE CVE-2023-20198: Deep Dive and POC

Related Vulnerabilities

MyBB Improper Input Validation Vulnerability (CVE-2016-9420)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-4369)

PostgreSQL CVE-2009-3229 Vulnerability (CVE-2009-3229)

Drupal Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2020-13664)

Oracle JRE CVE-2020-2816 Vulnerability (CVE-2020-2816)

Severity

Critical

Classification

CVE-2023-20198 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Authentication Bypass Known Vulnerabilities