mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 09:11:28 +00:00
464 lines
17 KiB
JSON
464 lines
17 KiB
JSON
{
|
|
"id": "CVE-2023-20097",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2023-03-23T17:15:15.027",
|
|
"lastModified": "2023-11-07T04:06:02.180",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 6.7,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 0.8,
|
|
"impactScore": 5.9
|
|
},
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "CHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.6,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.5,
|
|
"impactScore": 2.7
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-77"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"source": "ykramarz@cisco.com",
|
|
"type": "Secondary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-77"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:wireless_lan_controller_software:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "8.10.183.0",
|
|
"matchCriteriaId": "D9EA7E3F-2EA0-4B32-BCA0-0E88FC9E4F9D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:esw6300:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "09051BC5-CFE7-43EF-975D-BF77724E8776"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:cisco:aironet_access_point_software:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "17.9.0.135",
|
|
"matchCriteriaId": "386B92C5-05F3-40A8-8F35-280DD9E84169"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1540:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "72BFEED4-7AD7-406F-A044-BDEA98133711"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1542d:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C5DB7510-2741-464A-8FC9-8419985E330F"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1542i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3AE916B2-CAAD-4508-A47E-A7D4D88B077A"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1560:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8191FD87-4E55-4F38-8DB0-7E6772AD075B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1562d:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1D717945-EE41-4D0F-86EF-90826EBE9C3E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1562e:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "99EAEA92-6589-4DFB-BC4B-8CBA425452D9"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1562i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D27AB201-342D-4517-9E05-6088598F4695"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1800:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "02F4C00A-D1E2-4B21-A14E-F30B4B818493"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1800i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BC836B4D-A489-4300-B0A2-EF0B6E01E623"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1810:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36F923CF-D4EB-48F8-821D-8BB3A69ABB62"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1810w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1D613A17-FFA9-4FF0-9C2A-AF8ACD59B765"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1815:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F8BF9DDB-884D-47B5-A295-8BFA5207C412"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1815i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "207DC80E-499C-4CA3-8A88-F027DBC64CCF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1815m:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6E3225A6-DA3C-49FE-B0F8-8AC6B7DA3347"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1815t:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0E1D6F32-3F51-4C5B-97AF-1AD8917FCB07"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_1815w:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E09FEE6E-8169-4E90-ACF6-88BEE747D7A8"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_2800:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3C28A6B0-10FF-4C6D-8527-2313E163C98E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_2800e:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "098A82FF-95F7-416A-BADD-C57CE81ACD32"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_2800i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DD1D5813-9223-4B3F-9DE2-F3EF854FC927"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_3800:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7636F7E2-E386-4F8C-A0C5-F510D8E21DA4"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_3800e:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "10D7583E-2B61-40F1-B9A6-701DA08F8CDF"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_3800i:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "945DDBE7-6233-416B-9BEE-7029F047E298"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_3800p:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0ED89428-750C-4C26-B2A1-E3D63F8B3F44"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:aironet_4800:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4D8A4CB-5B80-4332-BCBC-DA18AD94D215"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9100:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "749040C6-A21A-4EF3-8213-42EE01CFA303"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9105:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5F3CCCFE-88CC-4F7B-8958-79CA62516EA9"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9105ax:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C76DACE3-7D3B-4FE6-8567-0C9D43FF7A7E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9105axi:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "19F93DF4-67DB-4B30-AC22-60C67DF32DB2"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9105axw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "59C77B06-3C22-4092-AAAB-DB099A0B16A6"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9115:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4081C532-3B10-4FBF-BB22-5BA17BC6FCF8"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9115_ap:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "56A3430C-9AF7-4604-AD95-FCF2989E9EB0"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9115ax:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36E2B891-4F41-4D0D-BAA2-0256C0565BDE"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9115axe:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DE4C56A6-E843-498A-A17B-D3D1B01E70E7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9115axi:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "F050F416-44C3-474C-9002-321A33F288D6"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9117:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6FCE2220-E2E6-4A17-9F0A-2C927FAB4AA5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9117_ap:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C4AE36E2-E7E9-4E49-8BFF-615DACFC65C1"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9117ax:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BA8798F4-35BB-4F81-9385-B0274BFAAF15"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9117axi:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7A699C5C-CD03-4263-952F-5074B470F20E"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9120:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A47C2D6F-8F90-4D74-AFE1-EAE954021F46"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9120_ap:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C04889F8-3C2A-41AA-9DC9-5A4A4BBE60E7"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9120ax:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5889AFA2-752E-4EDD-A837-5C003025B25C"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9120axe:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "46D41CFE-784B-40EE-9431-8097428E5892"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9120axi:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5D148A27-85B6-4883-96B5-343C8D32F23B"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9120axp:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "735CA950-672C-4787-8910-48AD07868FDE"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9124:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C11EF240-7599-4138-B7A7-17E4479F5B83"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9124ax:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "53852300-C1D2-4F84-B8DA-4EDBCB374075"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9124axd:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E987C945-4D6D-4BE5-B6F0-784B7E821D11"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9124axi:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B434C6D7-F583-4D2B-9275-38A5EC4ECC30"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9130:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "E1C8E35A-5A9B-4D56-A753-937D5CFB5B19"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9130_ap:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "248A3FFC-C33C-4336-A37C-67B6046556E5"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9130ax:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5CADEB5A-5147-4420-A825-BAB07BD60AA2"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9130axe:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4EC1F736-6240-4FA2-9FEC-D8798C9D287C"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_9130axi:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "169E5354-07EA-4639-AB4B-20D2B9DE784C"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_iw6300:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "C559D6F7-B432-4A2A-BE0E-9697CC412C70"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_iw6300_ac:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "23153AA4-B169-4421-BFF8-873205FC9C21"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_iw6300_dc:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "67DC3B71-B64D-4C49-B089-B274FA34ECB6"
|
|
},
|
|
{
|
|
"vulnerable": false,
|
|
"criteria": "cpe:2.3:h:cisco:catalyst_iw6300_dcw:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4F857465-314F-4124-9835-8A269486D654"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
|
|
"versionEndExcluding": "16.12.8",
|
|
"matchCriteriaId": "810472FD-52DE-4694-98FA-1AD858BEC895"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.1",
|
|
"versionEndExcluding": "17.3.6",
|
|
"matchCriteriaId": "55C1CD64-ADE0-453F-9E0B-EA952F743892"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.4",
|
|
"versionEndExcluding": "17.6.5",
|
|
"matchCriteriaId": "612EB810-AB85-49D4-BB5C-C03E2B1A0B43"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
|
|
"versionStartIncluding": "17.7",
|
|
"versionEndExcluding": "17.9.2",
|
|
"matchCriteriaId": "8F4C5572-9D7D-405C-AF93-DF9FF07F92F7"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aironetap-cmdinj-6bjT4FL8",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |