{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-20179","assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","state":"PUBLISHED","assignerShortName":"cisco","dateReserved":"2022-10-27T18:47:50.363Z","datePublished":"2023-09-27T17:24:32.381Z","dateUpdated":"2024-09-23T15:05:43.568Z"},"containers":{"cna":{"providerMetadata":{"orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco","dateUpdated":"2024-01-25T16:57:50.945Z"},"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.\r\n\r This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application."}],"affected":[{"vendor":"Cisco","product":"Cisco SD-WAN vManage","versions":[{"version":"20.3.1","status":"affected"},{"version":"20.3.2","status":"affected"},{"version":"20.3.2.1","status":"affected"},{"version":"20.3.3","status":"affected"},{"version":"20.3.3.1","status":"affected"},{"version":"20.3.4","status":"affected"},{"version":"20.3.4.1","status":"affected"},{"version":"20.3.4.2","status":"affected"},{"version":"20.3.5","status":"affected"},{"version":"20.3.6","status":"affected"},{"version":"20.3.7","status":"affected"},{"version":"20.3.7.1","status":"affected"},{"version":"20.3.4.3","status":"affected"},{"version":"20.3.5.1","status":"affected"},{"version":"20.3.7.2","status":"affected"},{"version":"20.4.1","status":"affected"},{"version":"20.4.1.1","status":"affected"},{"version":"20.4.1.2","status":"affected"},{"version":"20.4.2","status":"affected"},{"version":"20.4.2.2","status":"affected"},{"version":"20.4.2.1","status":"affected"},{"version":"20.4.2.3","status":"affected"},{"version":"20.5.1","status":"affected"},{"version":"20.5.1.2","status":"affected"},{"version":"20.5.1.1","status":"affected"},{"version":"20.6.1","status":"affected"},{"version":"20.6.1.1","status":"affected"},{"version":"20.6.2.1","status":"affected"},{"version":"20.6.2.2","status":"affected"},{"version":"20.6.2","status":"affected"},{"version":"20.6.3","status":"affected"},{"version":"20.6.3.1","status":"affected"},{"version":"20.6.4","status":"affected"},{"version":"20.6.5","status":"affected"},{"version":"20.6.5.1","status":"affected"},{"version":"20.6.1.2","status":"affected"},{"version":"20.6.3.2","status":"affected"},{"version":"20.6.4.1","status":"affected"},{"version":"20.6.5.2","status":"affected"},{"version":"20.6.5.4","status":"affected"},{"version":"20.6.3.3","status":"affected"},{"version":"20.6.4.2","status":"affected"},{"version":"20.6.3.0.45","status":"affected"},{"version":"20.6.3.0.46","status":"affected"},{"version":"20.6.3.0.47","status":"affected"},{"version":"20.6.3.4","status":"affected"},{"version":"20.6.4.0.21","status":"affected"},{"version":"20.6.5.1.10","status":"affected"},{"version":"20.6.5.1.7","status":"affected"},{"version":"20.6.5.1.9","status":"affected"},{"version":"20.6.5.2.4","status":"affected"},{"version":"20.6.5.5","status":"affected"},{"version":"20.7.1","status":"affected"},{"version":"20.7.1.1","status":"affected"},{"version":"20.7.2","status":"affected"},{"version":"20.8.1","status":"affected"},{"version":"20.9.1","status":"affected"},{"version":"20.9.2","status":"affected"},{"version":"20.9.2.1","status":"affected"},{"version":"20.9.3","status":"affected"},{"version":"20.9.3.1","status":"affected"},{"version":"20.9.2.3","status":"affected"},{"version":"20.9.3.0.12","status":"affected"},{"version":"20.9.3.0.16","status":"affected"},{"version":"20.9.3.0.17","status":"affected"},{"version":"20.9.3.0.18","status":"affected"},{"version":"20.9.3.2","status":"affected"},{"version":"20.9.3.2_LI_Images","status":"affected"},{"version":"20.9.4","status":"affected"},{"version":"20.10.1","status":"affected"},{"version":"20.10.1.1","status":"affected"},{"version":"20.10.1.2","status":"affected"},{"version":"20.11.1","status":"affected"},{"version":"20.11.1.1","status":"affected"},{"version":"20.11.1.2","status":"affected"}]}],"problemTypes":[{"descriptions":[{"lang":"en","description":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","type":"cwe","cweId":"CWE-80"}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x","name":"cisco-sa-vmanage-html-3ZKh8d6x"}],"metrics":[{"format":"cvssV3_1","cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"}}],"exploits":[{"lang":"en","value":"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}],"source":{"advisory":"cisco-sa-vmanage-html-3ZKh8d6x","discovery":"EXTERNAL","defects":["CSCwe44307"]}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T09:05:35.783Z"},"title":"CVE Program Container","references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x","name":"cisco-sa-vmanage-html-3ZKh8d6x","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-09-23T14:30:59.259661Z","id":"CVE-2023-20179","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-09-23T15:05:43.568Z"}}]}}