Cisco Modeling Labs External Authentication Vulnerability
CVE-2023-20154
Summary
A vulnerability exists in the external authentication mechanism of Cisco Modeling Labs, allowing an unauthenticated, remote attacker to compromise the web interface with administrative privileges. This issue arises from the improper handling of messages by the external authentication server, enabling an attacker to bypass the login process under specific conditions. By exploiting this flaw, an attacker could gain full access to the web interface, including the ability to modify simulations and user-generated data. It is essential that organizations using affected versions of Cisco Modeling Labs apply the latest software updates and consider available workarounds to mitigate the risk associated with this vulnerability.
Affected Version(s)
Cisco Modeling Labs 2.3.0
Cisco Modeling Labs 2.3.1
Cisco Modeling Labs 2.4.0