How severe is CVE-2023-20261?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-20261?

This is classified as CWE-284, which is a common weakness in software security.

CVE-2023-20261

MEDIUM Year: 2023

CVSS v3 Score

6.5

Medium

Weakness Type

CWE-284

View all →

Vulnerability Description

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to retrieve arbitrary files from an affected system. This vulnerability is due to improper validation of parameters that are sent to the web UI. An attacker could exploit this vulnerability by logging in to Cisco Catalyst SD-WAN Manager and issuing crafted requests using the web UI. A successful exploit could allow the attacker to obtain arbitrary files from the underlying Linux file system of an affected system. To exploit this vulnerability, the attacker must be an authenticated user.

CVE-2011-1762

MEDIUM

CVSS:6.5(Medium)

A flaw exists in Wordpress related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with 'Contributor-level' privileges to post...

CWE-2842011

CVE-2012-4379

MEDIUM

CVSS:6.5(Medium)

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response in...

CWE-2842012

CVE-2014-1398

MEDIUM

CVSS:6.5(Medium)

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statist...

CWE-2842014

CVE-2014-1399

MEDIUM

CVSS:6.5(Medium)

The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspec...

CWE-2842014

CVE-2014-1400

MEDIUM

CVSS:6.5(Medium)

The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspeci...

CWE-2842014

CVE-2014-3519

MEDIUM

CVSS:6.5(Medium)

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capa...

CWE-2842014

CVE-2023-20261

Vulnerability Description

Related Vulnerabilities

CVE-2011-1762

CVE-2012-4379

CVE-2014-1398

CVE-2014-1399

CVE-2014-1400

CVE-2014-3519