CVE-2023-20252

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.

Severity	CRITICAL
CVSS	9.8
CWE	CWE-862
KEV
Published	2 years ago
Modified	1 year ago

Related Products

Product	Advisory	Evidence
Cisco SD-WAN vManage	cisco-sa-sdwan-vman-sc-LRLfu2z	Cisco OpenVuln
Cisco SD-WAN Solution	cisco-sa-sdwan-vman-sc-LRLfu2z	Cisco OpenVuln
Cisco Catalyst SD-WAN Manager	cisco-sa-sdwan-vman-sc-LRLfu2z	Cisco OpenVuln
Cisco Catalyst SD-WAN Controller	cisco-sa-sdwan-vman-sc-LRLfu2z	Cisco OpenVuln
Cisco Catalyst SD-WAN	cisco-sa-sdwan-vman-sc-LRLfu2z	Cisco OpenVuln