Cisco Secure Network Analytics Remote Code Execution Vulnerability
CVE-2023-20102

8.8HIGH

Key Information:

Vendor: Cisco
Status: Cisco Secure Network Analytics
Vendor: CVE Published:; 5 April 2023

Badges

👾 Exploit Exists

Summary

A security flaw in the web management interface of Cisco Secure Network Analytics enables an authenticated remote attacker to execute arbitrary code on the underlying operating system due to inadequate sanitization of user inputs. By crafting a malicious HTTP request, an attacker could potentially gain administrative privileges and compromise the system integrity.

Affected Version(s)

Cisco Secure Network Analytics

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Oct 28, 2024
Vulnerability published
Apr 5, 2023
Vulnerability Reserved
Oct 27, 2022