A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user.
References
| Link | Resource |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealthsmc-rce-sfNBPjcS | Vendor Advisory |
Configurations
History
12 Apr 2023, 02:06
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
| CPE | cpe:2.3:a:cisco:secure_network_analytics:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:stealthwatch_management_console_2200:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:stealthwatch_management_console_2200_firmware:-:*:*:*:*:*:*:* |
|
| First Time |
Cisco stealthwatch Management Console 2200 Firmware
Cisco secure Network Analytics Cisco stealthwatch Management Console 2200 Cisco |
|
| CWE | CWE-502 | |
| References | (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-stealthsmc-rce-sfNBPjcS - Vendor Advisory |
05 Apr 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-05 19:15
Updated : 2023-11-07 04:06
NVD link : CVE-2023-20102
Mitre link : CVE-2023-20102
JSON object : View
Products Affected
cisco
- secure_network_analytics
- stealthwatch_management_console_2200_firmware
- stealthwatch_management_console_2200
CWE
CWE-502
Deserialization of Untrusted Data