๐Ÿ” CVE Alert

CVE-2023-20136

MEDIUM 4.3
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th

A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels.

CWE CWE-648
Vendor cisco
Product cisco secure workload
Ecosystems
Industries
NetworkingTelecommunications
Published Jun 28, 2023
Last Updated Aug 2, 2024
Stay Ahead of the Next One

Get instant alerts for cisco cisco secure workload

Be the first to know when new medium vulnerabilities affecting cisco cisco secure workload are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Affected Versions

Cisco / Cisco Secure Workload
1.102.21 1.103.1.12 2.0.1.34 2.0.2.20 2.1.1.29 2.1.1.31 2.1.1.33 2.2.1.34 2.2.1.35 2.2.1.39 2.2.1.41 2.3.1.41 2.3.1.45 2.3.1.49 2.3.1.50 2.3.1.51 2.3.1.52 2.3.1.53 3.1.1.53 3.1.1.54 3.1.1.55 3.1.1.59 3.1.1.61 3.1.1.65 3.1.1.67 3.1.1.70 3.2.1.18 3.2.1.19 3.2.1.20 3.2.1.28 3.2.1.31 3.2.1.32 3.2.1.33 3.3.2.12 3.3.2.16 3.3.2.2 3.3.2.23 3.3.2.28 3.3.2.33 3.3.2.35 3.3.2.42 3.3.2.5 3.3.2.50 3.3.2.53 3.4.1.1 3.4.1.14 3.4.1.19 3.4.1.20 3.4.1.28 3.4.1.34 3.4.1.35 3.4.1.6 3.4.1.40 3.5.1.1 3.5.1.17 3.5.1.2 3.5.1.20 3.5.1.23 3.5.1.30 3.5.1.31 3.5.1.37 3.6.1.17 3.6.1.21 3.6.1.36 3.6.1.47 3.6.1.5 3.6.1.52 3.7.1.22 3.7.1.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-auth-openapi-kTndjdNX