Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-IOSXE-PRIV-ESC-SABD8HCU
HistoryMar 22, 2023 - 4:00 p.m.

Cisco IOS XE Software Privilege Escalation Vulnerability

2023-03-2216:00:00
tools.cisco.com
18
cisco
ios xe
privilege escalation
vulnerability
cloud management
catalyst migration
software update
memory protection
meraki migration
root-level privileges

EPSS

0

Percentile

5.1%

JSON

A vulnerability in the Cloud Management for Catalyst migration feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device.

This vulnerability is due to insufficient memory protection in the Cisco IOS XE Meraki migration feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-sABD8hcU [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-sABD8hcU”]

This advisory is part of the March 2023 release of the Cisco IOS and IOS XE Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: March 2023 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication [“https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74842”].

Affected configurations

Vulners
Node
ciscocisco_ios_xe_softwareMatch17.7
OR
ciscocisco_ios_xe_softwareMatch17.8
OR
ciscocisco_ios_xe_softwareMatchany
OR
ciscocisco_ios_xe_softwareMatch17.7.1
OR
ciscocisco_ios_xe_softwareMatch17.8.1
OR
ciscocisco_ios_xe_softwareMatchany
VendorProductVersionCPE
ciscocisco_ios_xe_software17.7cpe:2.3:a:cisco:cisco_ios_xe_software:17.7:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.8cpe:2.3:a:cisco:cisco_ios_xe_software:17.8:*:*:*:*:*:*:*
ciscocisco_ios_xe_softwareanycpe:2.3:a:cisco:cisco_ios_xe_software:any:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.7.1cpe:2.3:a:cisco:cisco_ios_xe_software:17.7.1:*:*:*:*:*:*:*
ciscocisco_ios_xe_software17.8.1cpe:2.3:a:cisco:cisco_ios_xe_software:17.8.1:*:*:*:*:*:*:*

Related

prion 1
nvd 1
nessus 1
cvelist 1
cve 1
prion
prion
Design/Logic Flaw
2023-03-23 17:15:00
nvd
nvd
CVE-2023-20029
2023-03-23 17:15:13
nessus
nessus
Cisco IOS XE Software Privilege Escalation (cisco-sa-iosxe-priv-esc-sABD8hcU)
2023-03-22 00:00:00
cvelist
cvelist
CVE-2023-20029 Cisco IOS XE Software Privilege Escalation Vulnerability
2023-03-23 00:00:00
cve
cve
CVE-2023-20029
2023-03-23 17:15:13

EPSS

0

Percentile

5.1%

JSON
Related for CISCO-SA-IOSXE-PRIV-ESC-SABD8HCU
prion1nvd1nessus1cvelist1cve1