Cisco IOS XE Web UI Authentication Bypass (CVE-2023-20198)

Description

The Cisco IOS XE Web UI has an authentication bypass vulnerability. An unauthenticated attacker can bypass the authentication with a specially crafted HTTP request and get full access to the system.

Remediation

Upgrade to the latest version of Cisco IOS XE

References

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability

Cisco IOS XE CVE-2023-20198: Deep Dive and POC

Related Vulnerabilities

OpenVPN AS Other Vulnerability (CVE-2021-4234)

Oracle JRE CVE-2017-10357 Vulnerability (CVE-2017-10357)

MySQL CVE-2016-3614 Vulnerability (CVE-2016-3614)

IBM RTC CVE-2015-1971 Vulnerability (CVE-2015-1971)

MySQL CVE-2014-2436 Vulnerability (CVE-2014-2436)

Severity

Critical

Classification

CVE-2023-20198 CWE-287 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H