#VU82709 Business Logic Errors in Cisco Systems, Inc products - CVE-2023-20246
Published: November 3, 2023
Vulnerability identifier: #VU82709
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-20246
CWE-ID: CWE-840
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Cisco Firewall Threat Defense (FTD)
FirePOWER Services
Cisco UTD Engine for IOS XE SD-WAN
Cisco UTD Snort IPS Engine Software for IOS XE
Cisco IOS XE
Cisco 1000 Series Integrated Services Routers
4000 Series Integrated Services Routers
Catalyst 8000V Edge Software
Catalyst 8200 Series Edge Platforms
Catalyst 8300 Series Edge Platforms
Catalyst 8500L Series Edge Platforms
Cloud Services Routers 1000V Series
Integrated Services Virtual Router
Open Source Snort 3
Software vendor:
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a logic error when the access control policies are being populated. A remote attacker can establish a connection to an affected device and bypass configured access control rules on the affected system.
Remediation
Install updates from the vendor's website.