CVE-2023-20179

Summary

CVE	CVE-2023-20179
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-09-27 18:15:00 UTC
Updated	2024-01-25 17:15:00 UTC
Description	A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cisco	Sd-wan Vmanage	All	All	All	All

References

Reference	Source	Link	Tags
Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability	MISC	sec.cloudapps.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317374 Cisco Catalyst SD-WAN Manager Web UI HTML Injection Vulnerability (cisco-sa-vmanage-html-3ZKh8d6x)