Cisco IOS XE Web UI Authentication Bypass (CVE-2023-20198)

Description

The Cisco IOS XE Web UI has an authentication bypass vulnerability. An unauthenticated attacker can bypass the authentication with a specially crafted HTTP request and get full access to the system.

Remediation

Upgrade to the latest version of Cisco IOS XE

References

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Cisco IOS XE CVE-2023-20198: Deep Dive and POC

Related Vulnerabilities

Seo Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-10839)

WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7116)

XOOPS Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-0613)

Select2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10744)

WordPress Plugin Quttera Web Malware Scanner Security Bypass (3.0.8.65)

Severity

Critical

Classification

CVE-2023-20198 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H