Denial of Service Vulnerability in Cisco Catalyst SD-WAN Manager's SSH Service
CVE-2023-20262

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco SD-WAN Solution; Cisco SD-WAN vManage; Cisco SD-WAN vSmart
Vendor: CVE Published:; 27 September 2023

What is CVE-2023-20262?

A vulnerability exists in the SSH service of Cisco Catalyst SD-WAN Manager that allows unauthenticated remote attackers to exploit insufficient resource management. By sending specially crafted malicious traffic, an attacker can cause the SSH process to crash, leading to a denial of service for SSH access. However, this issue does not impact the overall functionality of the system or the web UI access. Proper mitigation strategies should be implemented to safeguard against potential exploits.

Affected Version(s)

Cisco SD-WAN Solution 17.2.4

Cisco SD-WAN Solution 17.2.5

Cisco SD-WAN Solution 17.2.6

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 27, 2023
Vulnerability Reserved
Oct 27, 2022