CVE-2023-20273

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

Severity	HIGH
CVSS	7.2
CWE	CWE-78
KEV	Yes (added 2 years ago)
Published	2 years ago
Modified	6 months ago

Related Products

Product	Advisory	Evidence
Cisco IOS	cisco-sa-iosxe-webui-privesc-j22SaA4z	Cisco OpenVuln
Cisco IOS XE Software	cisco-sa-iosxe-webui-privesc-j22SaA4z	Cisco OpenVuln
Cisco Catalyst 9600 Series Switches	cisco-sa-iosxe-webui-privesc-j22SaA4z	Cisco OpenVuln · software-dependent
Cisco Catalyst 9500 Series Switches	cisco-sa-iosxe-webui-privesc-j22SaA4z	Cisco OpenVuln · software-dependent
Cisco Catalyst 9400 Series Switches	cisco-sa-iosxe-webui-privesc-j22SaA4z	Cisco OpenVuln · software-dependent
Cisco Catalyst 9200 Series Switches	cisco-sa-iosxe-webui-privesc-j22SaA4z	Cisco OpenVuln · software-dependent
Cisco Catalyst 9300 Series Switches	cisco-sa-iosxe-webui-privesc-j22SaA4z	Cisco OpenVuln · software-dependent