QID 150739

Date Published: 2023-11-28

QID 150739: Cisco IOS XE Web UI Privilege Escalation Vulnerability (CVE-2023-20198)

Cisco IOS XE is a network operating system (OS) developed by Cisco Systems for enterprise switching, routing, wired and wireless access.

A privilege escalation vulnerability exists in the web user interface of Cisco IOS XE allowing a remote, unauthenticated attacker to create an account with privilege level 15 access.

Affected Products:
Cisco IOS XE from 16.12 up to 16.12.10a
Cisco IOS XE from 17.3 up to 17.3.8a
Cisco IOS XE from 17.6 up to 17.6.6a
Cisco IOS XE from 17.9 up to 17.9.4a

QID Detection Logic (Unauthenticated):
This QID sends HTTP POST request to "%2577eb%2575i_%2577sma_Http" endpoint with specially crafted payload executing system commands and based on the response determines if the Cisco IOS XE software is vulnerable.

Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 10 severity.
    • Solution
    Cisco has released fixes to address CVE-2023-20198, Customers are advised to refer Software Fix Availability document for detailed information. For more information pertaining to this vulnerability please refer Cisco Security Advisory.
    Vendor References

    CVEs related to QID 150739

    CVE-2023-20198 |
    Software Advisories
    Advisory ID Software Component Link
    Cisco Security Advisory URL Logo sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
    By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].