ByteOS Network

Vulnerability Details :

CVE-2023-20186

Assigner-cisco

Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633

Published At-27 Sep, 2023 | 17:22

Updated At-16 Dec, 2025 | 18:23

A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:cisco

Assigner Org ID:d1c1063e-7a18-46af-9102-31f8928bc633

Published At:27 Sep, 2023 | 17:22

Updated At:16 Dec, 2025 | 18:23

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Cisco Systems, Inc.

Product

IOS

Versions

Affected

12.2(58)SE
12.2(58)SE1
12.2(58)SE2
12.2(58)EX
12.2(58)EY
12.2(58)EY1
12.2(58)EY2
12.2(58)EZ
12.2(60)EZ
12.2(60)EZ1
12.2(60)EZ2
12.2(60)EZ3
12.2(60)EZ4
12.2(60)EZ5
12.2(60)EZ6
12.2(60)EZ7
12.2(60)EZ8
12.2(60)EZ9
12.2(60)EZ10
12.2(60)EZ11
12.2(60)EZ12
12.2(60)EZ13
12.2(60)EZ14
12.2(60)EZ15
15.0(1)M1
15.0(1)M5
15.0(1)M4
15.0(1)M3
15.0(1)M2
15.0(1)M6
15.0(1)M
15.0(1)M7
15.0(1)M10
15.0(1)M9
15.0(1)M8
15.0(1)XA2
15.0(1)XA4
15.0(1)XA1
15.0(1)XA3
15.0(1)XA
15.0(1)XA5
15.1(2)T
15.1(1)T4
15.1(3)T2
15.1(1)T1
15.1(2)T0a
15.1(3)T3
15.1(1)T3
15.1(2)T3
15.1(2)T4
15.1(1)T2
15.1(3)T
15.1(2)T2a
15.1(3)T1
15.1(1)T
15.1(2)T2
15.1(2)T1
15.1(2)T5
15.1(3)T4
15.1(1)T5
15.1(1)XB
15.0(1)S2
15.0(1)S1
15.0(1)S
15.0(1)S3a
15.0(1)S4
15.0(1)S5
15.0(1)S4a
15.0(1)S6
15.2(1)S
15.2(2)S
15.2(1)S1
15.2(4)S
15.2(1)S2
15.2(2)S1
15.2(2)S2
15.2(2)S0a
15.2(2)S0c
15.2(4)S1
15.2(4)S4
15.2(4)S6
15.2(4)S2
15.2(4)S5
15.2(4)S3
15.2(4)S3a
15.2(4)S4a
15.2(4)S7
15.3(1)T
15.3(2)T
15.3(1)T1
15.3(1)T2
15.3(1)T3
15.3(1)T4
15.3(2)T1
15.3(2)T2
15.3(2)T3
15.3(2)T4
15.0(1)EY
15.0(1)EY1
15.0(1)EY2
15.0(2)EY
15.0(2)EY1
15.0(2)EY2
15.0(2)EY3
15.1(2)S
15.1(1)S
15.1(1)S1
15.1(3)S
15.1(1)S2
15.1(2)S1
15.1(2)S2
15.1(3)S1
15.1(3)S0a
15.1(3)S2
15.1(3)S4
15.1(3)S3
15.1(3)S5
15.1(3)S6
15.1(3)S5a
15.1(4)M3
15.1(4)M
15.1(4)M1
15.1(4)M2
15.1(4)M6
15.1(4)M5
15.1(4)M4
15.1(4)M7
15.1(4)M3a
15.1(4)M10
15.1(4)M8
15.1(4)M9
15.0(1)SE
15.0(2)SE
15.0(1)SE1
15.0(1)SE2
15.0(1)SE3
15.0(2)SE1
15.0(2)SE2
15.0(2)SE3
15.0(2)SE4
15.0(2)SE5
15.0(2)SE6
15.0(2)SE7
15.0(2)SE8
15.0(2)SE9
15.0(2)SE10
15.0(2)SE11
15.0(2)SE10a
15.0(2)SE12
15.0(2)SE13
15.1(2)GC
15.1(2)GC1
15.1(2)GC2
15.1(4)GC
15.1(4)GC1
15.1(4)GC2
15.1(1)SG
15.1(2)SG
15.1(1)SG1
15.1(1)SG2
15.1(2)SG1
15.1(2)SG2
15.1(2)SG3
15.1(2)SG4
15.1(2)SG5
15.1(2)SG6
15.1(2)SG7
15.1(2)SG8
15.0(1)MR
15.0(2)MR
15.2(4)M
15.2(4)M1
15.2(4)M2
15.2(4)M4
15.2(4)M3
15.2(4)M5
15.2(4)M8
15.2(4)M10
15.2(4)M7
15.2(4)M6
15.2(4)M9
15.2(4)M6a
15.2(4)M11
15.0(1)EX
15.0(2)EX
15.0(2)EX1
15.0(2)EX2
15.0(2)EX3
15.0(2)EX4
15.0(2)EX5
15.0(2)EX8
15.0(2a)EX5
15.0(2)EX10
15.0(2)EX11
15.0(2)EX13
15.0(2)EX12
15.2(1)GC
15.2(1)GC1
15.2(1)GC2
15.2(2)GC
15.2(3)GC
15.2(3)GC1
15.2(4)GC
15.2(4)GC1
15.2(4)GC2
15.2(4)GC3
15.1(1)SY
15.1(1)SY1
15.1(2)SY
15.1(2)SY1
15.1(2)SY2
15.1(1)SY2
15.1(1)SY3
15.1(2)SY3
15.1(1)SY4
15.1(2)SY4
15.1(1)SY5
15.1(2)SY5
15.1(2)SY4a
15.1(1)SY6
15.1(2)SY6
15.1(2)SY7
15.1(2)SY8
15.1(2)SY9
15.1(2)SY10
15.1(2)SY11
15.1(2)SY12
15.1(2)SY13
15.1(2)SY14
15.1(2)SY15
15.1(2)SY16
15.3(1)S
15.3(2)S
15.3(3)S
15.3(1)S2
15.3(1)S1
15.3(2)S2
15.3(2)S1
15.3(3)S1
15.3(3)S2
15.3(3)S3
15.3(3)S6
15.3(3)S4
15.3(3)S1a
15.3(3)S5
15.3(3)S7
15.3(3)S8
15.3(3)S9
15.3(3)S10
15.3(3)S8a
15.4(1)T
15.4(2)T
15.4(1)T2
15.4(1)T1
15.4(1)T3
15.4(2)T1
15.4(2)T3
15.4(2)T2
15.4(1)T4
15.4(2)T4
15.0(2)EA
15.0(2)EA1
15.2(1)E
15.2(2)E
15.2(1)E1
15.2(3)E
15.2(1)E2
15.2(1)E3
15.2(2)E1
15.2(4)E
15.2(3)E1
15.2(2)E2
15.2(2a)E1
15.2(2)E3
15.2(2a)E2
15.2(3)E2
15.2(3a)E
15.2(3)E3
15.2(4)E1
15.2(2)E4
15.2(2)E5
15.2(4)E2
15.2(3)E4
15.2(5)E
15.2(4)E3
15.2(2)E6
15.2(5a)E
15.2(5)E1
15.2(5b)E
15.2(2)E5a
15.2(5c)E
15.2(3)E5
15.2(2)E5b
15.2(5a)E1
15.2(4)E4
15.2(2)E7
15.2(5)E2
15.2(6)E
15.2(5)E2b
15.2(4)E5
15.2(5)E2c
15.2(2)E8
15.2(6)E0a
15.2(6)E1
15.2(2)E7b
15.2(4)E5a
15.2(6)E0c
15.2(4)E6
15.2(6)E2
15.2(2)E9
15.2(4)E7
15.2(7)E
15.2(2)E10
15.2(4)E8
15.2(6)E2a
15.2(6)E2b
15.2(7)E1
15.2(7)E0a
15.2(7)E0b
15.2(7)E0s
15.2(6)E3
15.2(4)E9
15.2(7)E2
15.2(7a)E0b
15.2(4)E10
15.2(7)E3
15.2(7)E1a
15.2(7b)E0b
15.2(7)E2a
15.2(4)E10a
15.2(7)E4
15.2(7)E3k
15.2(8)E
15.2(8)E1
15.2(7)E5
15.2(7)E6
15.2(8)E2
15.2(4)E10d
15.2(7)E7
15.2(8)E3
15.2(7)E8
15.1(3)MRA
15.1(3)MRA1
15.1(3)MRA2
15.1(3)MRA3
15.1(3)MRA4
15.1(3)SVB1
15.1(3)SVB2
15.4(1)S
15.4(2)S
15.4(3)S
15.4(1)S1
15.4(1)S2
15.4(2)S1
15.4(1)S3
15.4(3)S1
15.4(2)S2
15.4(3)S2
15.4(3)S3
15.4(1)S4
15.4(2)S3
15.4(2)S4
15.4(3)S4
15.4(3)S5
15.4(3)S6
15.4(3)S7
15.4(3)S6a
15.4(3)S8
15.4(3)S9
15.4(3)S10
15.3(3)M
15.3(3)M1
15.3(3)M2
15.3(3)M3
15.3(3)M5
15.3(3)M4
15.3(3)M6
15.3(3)M7
15.3(3)M8
15.3(3)M9
15.3(3)M10
15.3(3)M8a
15.0(2)EZ
15.1(3)SVD
15.1(3)SVD1
15.1(3)SVD2
15.2(1)EY
15.0(2)EJ
15.0(2)EJ1
15.2(1)SY
15.2(1)SY1
15.2(1)SY0a
15.2(1)SY2
15.2(2)SY
15.2(1)SY1a
15.2(2)SY1
15.2(2)SY2
15.2(1)SY3
15.2(1)SY4
15.2(2)SY3
15.2(1)SY5
15.2(1)SY6
15.2(1)SY7
15.2(1)SY8
15.2(5)EX
15.1(3)SVF
15.1(3)SVF1
15.1(3)SVE
15.4(3)M
15.4(3)M1
15.4(3)M2
15.4(3)M3
15.4(3)M4
15.4(3)M5
15.4(3)M6
15.4(3)M7
15.4(3)M6a
15.4(3)M8
15.4(3)M9
15.4(3)M10
15.0(2)EK
15.0(2)EK1
15.4(1)CG
15.4(1)CG1
15.4(2)CG
15.5(1)S
15.5(2)S
15.5(1)S1
15.5(3)S
15.5(1)S2
15.5(1)S3
15.5(2)S1
15.5(2)S2
15.5(3)S1
15.5(3)S1a
15.5(2)S3
15.5(3)S2
15.5(3)S0a
15.5(3)S3
15.5(1)S4
15.5(2)S4
15.5(3)S4
15.5(3)S5
15.5(3)S6
15.5(3)S6a
15.5(3)S7
15.5(3)S6b
15.5(3)S8
15.5(3)S9
15.5(3)S10
15.5(3)S9a
15.1(3)SVG
15.2(2)EB
15.2(2)EB1
15.2(2)EB2
15.2(6)EB
15.5(1)T
15.5(1)T1
15.5(2)T
15.5(1)T2
15.5(1)T3
15.5(2)T1
15.5(2)T2
15.5(2)T3
15.5(2)T4
15.5(1)T4
15.2(2)EA
15.2(2)EA1
15.2(2)EA2
15.2(3)EA
15.2(4)EA
15.2(4)EA1
15.2(2)EA3
15.2(4)EA3
15.2(5)EA
15.2(4)EA4
15.2(4)EA5
15.2(4)EA6
15.2(4)EA7
15.2(4)EA8
15.2(4)EA9
15.2(4)EA9a
15.5(3)M
15.5(3)M1
15.5(3)M0a
15.5(3)M2
15.5(3)M3
15.5(3)M4
15.5(3)M4a
15.5(3)M5
15.5(3)M6
15.5(3)M7
15.5(3)M6a
15.5(3)M8
15.5(3)M9
15.5(3)M10
15.5(3)SN
15.6(1)S
15.6(2)S
15.6(2)S1
15.6(1)S1
15.6(1)S2
15.6(2)S2
15.6(1)S3
15.6(2)S3
15.6(1)S4
15.6(2)S4
15.6(1)T
15.6(2)T
15.6(1)T0a
15.6(1)T1
15.6(2)T1
15.6(1)T2
15.6(2)T2
15.6(1)T3
15.6(2)T3
15.3(1)SY
15.3(1)SY1
15.3(1)SY2
15.6(2)SP
15.6(2)SP1
15.6(2)SP2
15.6(2)SP3
15.6(2)SP4
15.6(2)SP5
15.6(2)SP6
15.6(2)SP7
15.6(2)SP8
15.6(2)SP9
15.6(2)SP10
15.6(2)SN
15.6(3)M
15.6(3)M1
15.6(3)M0a
15.6(3)M1b
15.6(3)M2
15.6(3)M2a
15.6(3)M3
15.6(3)M3a
15.6(3)M4
15.6(3)M5
15.6(3)M6
15.6(3)M7
15.6(3)M6a
15.6(3)M6b
15.6(3)M8
15.6(3)M9
15.1(3)SVJ2
15.2(4)EC1
15.2(4)EC2
15.4(1)SY
15.4(1)SY1
15.4(1)SY2
15.4(1)SY3
15.4(1)SY4
15.5(1)SY
15.5(1)SY1
15.5(1)SY2
15.5(1)SY3
15.5(1)SY4
15.5(1)SY5
15.5(1)SY6
15.5(1)SY7
15.5(1)SY8
15.5(1)SY9
15.5(1)SY10
15.5(1)SY11
15.7(3)M
15.7(3)M1
15.7(3)M0a
15.7(3)M3
15.7(3)M2
15.7(3)M4
15.7(3)M5
15.7(3)M4a
15.7(3)M4b
15.7(3)M6
15.7(3)M7
15.7(3)M8
15.7(3)M9
15.8(3)M
15.8(3)M1
15.8(3)M0a
15.8(3)M0b
15.8(3)M2
15.8(3)M1a
15.8(3)M3
15.8(3)M2a
15.8(3)M4
15.8(3)M3a
15.8(3)M3b
15.8(3)M5
15.8(3)M6
15.8(3)M7
15.8(3)M8
15.8(3)M9
15.8(3)M10
15.9(3)M
15.9(3)M1
15.9(3)M0a
15.9(3)M2
15.9(3)M3
15.9(3)M2a
15.9(3)M3a
15.9(3)M4
15.9(3)M3b
15.9(3)M5
15.9(3)M4a
15.9(3)M6
15.9(3)M7
15.9(3)M6a
15.9(3)M6b
15.9(3)M7a
15.3(3)JPI11

Vendor

Cisco Systems, Inc.

Product

Cisco IOS XE Software

Versions

Affected

3.7.0S
3.7.1S
3.7.2S
3.7.3S
3.7.4S
3.7.5S
3.7.6S
3.7.7S
3.7.4aS
3.7.2tS
3.7.0bS
3.7.1aS
3.3.0SG
3.3.2SG
3.3.1SG
3.8.0S
3.8.1S
3.8.2S
3.9.1S
3.9.0S
3.9.2S
3.9.1aS
3.9.0aS
3.2.0SE
3.2.1SE
3.2.2SE
3.2.3SE
3.3.0SE
3.3.1SE
3.3.2SE
3.3.3SE
3.3.4SE
3.3.5SE
3.3.0XO
3.3.1XO
3.3.2XO
3.4.0SG
3.4.2SG
3.4.1SG
3.4.3SG
3.4.4SG
3.4.5SG
3.4.6SG
3.4.7SG
3.4.8SG
3.5.0E
3.5.1E
3.5.2E
3.5.3E
3.10.0S
3.10.1S
3.10.2S
3.10.3S
3.10.4S
3.10.5S
3.10.6S
3.10.2tS
3.10.7S
3.10.1xbS
3.10.8S
3.10.8aS
3.10.9S
3.10.10S
3.11.1S
3.11.2S
3.11.0S
3.11.3S
3.11.4S
3.12.0S
3.12.1S
3.12.2S
3.12.3S
3.12.0aS
3.12.4S
3.13.0S
3.13.1S
3.13.2S
3.13.3S
3.13.4S
3.13.5S
3.13.2aS
3.13.0aS
3.13.5aS
3.13.6S
3.13.7S
3.13.6aS
3.13.7aS
3.13.8S
3.13.9S
3.13.10S
3.6.0E
3.6.1E
3.6.2aE
3.6.2E
3.6.3E
3.6.4E
3.6.5E
3.6.6E
3.6.5aE
3.6.5bE
3.6.7E
3.6.8E
3.6.7bE
3.6.9E
3.6.10E
3.14.0S
3.14.1S
3.14.2S
3.14.3S
3.14.4S
3.15.0S
3.15.1S
3.15.2S
3.15.1cS
3.15.3S
3.15.4S
3.7.0E
3.7.1E
3.7.2E
3.7.3E
3.7.4E
3.7.5E
3.16.0S
3.16.1S
3.16.1aS
3.16.2S
3.16.2aS
3.16.0cS
3.16.3S
3.16.2bS
3.16.3aS
3.16.4S
3.16.4aS
3.16.4bS
3.16.5S
3.16.4dS
3.16.6S
3.16.7S
3.16.6bS
3.16.7aS
3.16.7bS
3.16.8S
3.16.9S
3.16.10S
3.17.0S
3.17.1S
3.17.2S
3.17.1aS
3.17.3S
3.17.4S
16.1.1
16.1.2
16.1.3
16.2.1
16.2.2
3.8.0E
3.8.1E
3.8.2E
3.8.3E
3.8.4E
3.8.5E
3.8.5aE
3.8.6E
3.8.7E
3.8.8E
3.8.9E
3.8.10E
16.3.1
16.3.2
16.3.3
16.3.1a
16.3.4
16.3.5
16.3.5b
16.3.6
16.3.7
16.3.8
16.3.9
16.3.10
16.3.11
16.4.1
16.4.2
16.4.3
16.5.1
16.5.1a
16.5.1b
16.5.2
16.5.3
3.18.0aS
3.18.0S
3.18.1S
3.18.2S
3.18.3S
3.18.4S
3.18.0SP
3.18.1SP
3.18.1aSP
3.18.1bSP
3.18.1cSP
3.18.2SP
3.18.2aSP
3.18.3SP
3.18.4SP
3.18.3aSP
3.18.3bSP
3.18.5SP
3.18.6SP
3.18.7SP
3.18.8aSP
3.18.9SP
3.9.0E
3.9.1E
3.9.2E
16.6.1
16.6.2
16.6.3
16.6.4
16.6.5
16.6.4a
16.6.5a
16.6.6
16.6.7
16.6.8
16.6.9
16.6.10
16.7.1
16.7.1a
16.7.1b
16.7.2
16.7.3
16.7.4
16.8.1
16.8.1a
16.8.1b
16.8.1s
16.8.1c
16.8.1d
16.8.2
16.8.1e
16.8.3
16.9.1
16.9.2
16.9.1a
16.9.1b
16.9.1s
16.9.3
16.9.4
16.9.3a
16.9.5
16.9.5f
16.9.6
16.9.7
16.9.8
16.10.1
16.10.1a
16.10.1b
16.10.1s
16.10.1c
16.10.1e
16.10.1d
16.10.2
16.10.1f
16.10.1g
16.10.3
3.10.0E
3.10.1E
3.10.0cE
3.10.2E
3.10.3E
16.11.1
16.11.1a
16.11.1b
16.11.2
16.11.1s
16.12.1
16.12.1s
16.12.1a
16.12.1c
16.12.1w
16.12.2
16.12.1y
16.12.2a
16.12.3
16.12.8
16.12.2s
16.12.1x
16.12.1t
16.12.4
16.12.3s
16.12.3a
16.12.4a
16.12.5
16.12.6
16.12.1z1
16.12.5a
16.12.5b
16.12.1z2
16.12.6a
16.12.7
16.12.9
3.11.0E
3.11.1E
3.11.2E
3.11.3E
3.11.1aE
3.11.4E
3.11.3aE
3.11.5E
3.11.6E
3.11.7E
3.11.8E
17.1.1
17.1.1a
17.1.1s
17.1.1t
17.1.3
17.2.1
17.2.1r
17.2.1a
17.2.1v
17.2.2
17.2.3
17.3.1
17.3.2
17.3.3
17.3.1a
17.3.1w
17.3.2a
17.3.1x
17.3.1z
17.3.4
17.3.5
17.3.4a
17.3.6
17.3.4b
17.3.4c
17.3.5a
17.3.5b
17.3.7
17.4.1
17.4.2
17.4.1a
17.4.1b
17.4.2a
17.5.1
17.5.1a
17.6.1
17.6.2
17.6.1w
17.6.1a
17.6.1x
17.6.3
17.6.1y
17.6.1z
17.6.3a
17.6.4
17.6.1z1
17.6.5
17.6.5a
17.7.1
17.7.1a
17.7.1b
17.7.2
17.10.1
17.10.1a
17.10.1b
17.8.1
17.8.1a
17.9.1
17.9.1w
17.9.2
17.9.1a
17.9.1x
17.9.3
17.9.2a
17.9.1x1
17.9.3a
17.11.1
17.11.1a
17.11.99SW

Problem Types

Type	CWE ID	Description
cwe	CWE-285	Improper Authorization

Type: cwe

CWE ID: CWE-285

Description: Improper Authorization

Metrics

Version	Base score	Base severity	Vector
3.1	8.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Version: 3.1

Base score: 8.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Exploits

The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

References

Hyperlink	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm	N/A

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm	x_transferred

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:ykramarz@cisco.com

Published At:27 Sep, 2023 | 18:15

Updated At:25 Jan, 2024 | 17:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Secondary	3.1	8.0	HIGH	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 3.1

Base score: 9.1

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.0

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CPE Matches

Cisco Systems, Inc.

>>ios>>12.2\(58\)ex

cpe:2.3:o:cisco:ios:12.2\(58\)ex:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(58\)ey

cpe:2.3:o:cisco:ios:12.2\(58\)ey:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(58\)ey1

cpe:2.3:o:cisco:ios:12.2\(58\)ey1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(58\)ey2

cpe:2.3:o:cisco:ios:12.2\(58\)ey2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(58\)ez

cpe:2.3:o:cisco:ios:12.2\(58\)ez:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(58\)se

cpe:2.3:o:cisco:ios:12.2\(58\)se:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(58\)se1

cpe:2.3:o:cisco:ios:12.2\(58\)se1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(58\)se2

cpe:2.3:o:cisco:ios:12.2\(58\)se2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez

cpe:2.3:o:cisco:ios:12.2\(60\)ez:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez1

cpe:2.3:o:cisco:ios:12.2\(60\)ez1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez2

cpe:2.3:o:cisco:ios:12.2\(60\)ez2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez3

cpe:2.3:o:cisco:ios:12.2\(60\)ez3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez4

cpe:2.3:o:cisco:ios:12.2\(60\)ez4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez5

cpe:2.3:o:cisco:ios:12.2\(60\)ez5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez6

cpe:2.3:o:cisco:ios:12.2\(60\)ez6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez7

cpe:2.3:o:cisco:ios:12.2\(60\)ez7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez8

cpe:2.3:o:cisco:ios:12.2\(60\)ez8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez9

cpe:2.3:o:cisco:ios:12.2\(60\)ez9:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez10

cpe:2.3:o:cisco:ios:12.2\(60\)ez10:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez11

cpe:2.3:o:cisco:ios:12.2\(60\)ez11:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez12

cpe:2.3:o:cisco:ios:12.2\(60\)ez12:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez13

cpe:2.3:o:cisco:ios:12.2\(60\)ez13:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez14

cpe:2.3:o:cisco:ios:12.2\(60\)ez14:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>12.2\(60\)ez15

cpe:2.3:o:cisco:ios:12.2\(60\)ez15:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)ex

cpe:2.3:o:cisco:ios:15.0\(1\)ex:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)ey

cpe:2.3:o:cisco:ios:15.0\(1\)ey:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)ey1

cpe:2.3:o:cisco:ios:15.0\(1\)ey1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)ey2

cpe:2.3:o:cisco:ios:15.0\(1\)ey2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m

cpe:2.3:o:cisco:ios:15.0\(1\)m:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m1

cpe:2.3:o:cisco:ios:15.0\(1\)m1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m2

cpe:2.3:o:cisco:ios:15.0\(1\)m2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m3

cpe:2.3:o:cisco:ios:15.0\(1\)m3:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m4

cpe:2.3:o:cisco:ios:15.0\(1\)m4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m5

cpe:2.3:o:cisco:ios:15.0\(1\)m5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m6

cpe:2.3:o:cisco:ios:15.0\(1\)m6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m7

cpe:2.3:o:cisco:ios:15.0\(1\)m7:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m8

cpe:2.3:o:cisco:ios:15.0\(1\)m8:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m9

cpe:2.3:o:cisco:ios:15.0\(1\)m9:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)m10

cpe:2.3:o:cisco:ios:15.0\(1\)m10:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)mr

cpe:2.3:o:cisco:ios:15.0\(1\)mr:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s

cpe:2.3:o:cisco:ios:15.0\(1\)s:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s1

cpe:2.3:o:cisco:ios:15.0\(1\)s1:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s2

cpe:2.3:o:cisco:ios:15.0\(1\)s2:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s3a

cpe:2.3:o:cisco:ios:15.0\(1\)s3a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s4

cpe:2.3:o:cisco:ios:15.0\(1\)s4:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s4a

cpe:2.3:o:cisco:ios:15.0\(1\)s4a:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s5

cpe:2.3:o:cisco:ios:15.0\(1\)s5:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)s6

cpe:2.3:o:cisco:ios:15.0\(1\)s6:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)se

cpe:2.3:o:cisco:ios:15.0\(1\)se:*:*:*:*:*:*:*

Cisco Systems, Inc.

>>ios>>15.0\(1\)se1

cpe:2.3:o:cisco:ios:15.0\(1\)se1:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-285	Secondary	ykramarz@cisco.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-285

Type: Secondary

Source: ykramarz@cisco.com

References

Hyperlink	Source	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm	ykramarz@cisco.com	Vendor Advisory

Hyperlink: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaascp-Tyj4fEJm

Source: ykramarz@cisco.com

Resource:

Vendor Advisory

Similar CVEs

56Records found

CVE-2024-20441

Matching Score-6

Assigner-Cisco Systems, Inc.

View Details

Matching Score-6

Assigner-Cisco Systems, Inc.

CVSS Score-5.7||MEDIUM

EPSS-0.27% / 50.42%

7 Day CHG~0.00%

Published-02 Oct, 2024 | 16:53

Updated-08 Oct, 2024 | 13:45

Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability

A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to learn sensitive information on an affected device. This vulnerability is due to insufficient authorization controls on the affected REST API endpoint. An attacker could exploit this vulnerability by sending crafted API requests to the affected endpoint. A successful exploit could allow the attacker to download config only or full backup files and learn sensitive configuration information. This vulnerability only affects a specific REST API endpoint and does not affect the web-based management interface.

Vendor-Cisco Systems, Inc.

Product-nexus_dashboard_fabric_controller nexus_dashboard Cisco Data Center Network Manager

CWE ID-CWE-285

Improper Authorization

CVE-2022-31247

Matching Score-4

Assigner-SUSE

View Details

Matching Score-4

Assigner-SUSE

CVSS Score-9.1||CRITICAL

EPSS-0.34% / 57.26%

7 Day CHG~0.00%

Published-07 Sep, 2022 | 08:20

Updated-16 Sep, 2024 | 19:52

Rancher: Downstream cluster privilege escalation through cluster and project role template binding (CRTB/PRTB)

An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.

Vendor-SUSE

Product-rancher Rancher

CWE ID-CWE-285

Improper Authorization

CVE-2025-29778

Matching Score-4

Assigner-GitHub, Inc.

View Details

Matching Score-4

Assigner-GitHub, Inc.

CVSS Score-5.8||MEDIUM

EPSS-0.09% / 24.85%

7 Day CHG~0.00%

Published-24 Mar, 2025 | 16:38

Updated-01 Aug, 2025 | 13:10

Kyverno ignores subjectRegExp and IssuerRegExp

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were signed by unexpected certificate. Deploying these unauthorized kubernetes resources can lead to full compromise of kubernetes cluster. Version 1.14.0-alpha.1 contains a patch for the issue.

Vendor-kyverno kyverno

Product-kyverno kyverno

CWE ID-CWE-285

Improper Authorization

CVE-2026-22252

Matching Score-4

Assigner-GitHub, Inc.

View Details

Matching Score-4

Assigner-GitHub, Inc.

CVSS Score-9.1||CRITICAL

EPSS-0.10% / 27.37%

7 Day CHG~0.00%

Published-12 Jan, 2026 | 18:01

Updated-15 Jan, 2026 | 22:46

LibreChat MCP Stdio Remote Command Execution

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.

Vendor-librechat danny-avila

Product-librechat LibreChat

CWE ID-CWE-285

Improper Authorization

CVE-2021-32523

Matching Score-4

Assigner-TWCERT/CC

View Details

Matching Score-4

Assigner-TWCERT/CC

CVSS Score-9.1||CRITICAL

EPSS-0.23% / 45.93%

7 Day CHG~0.00%

Published-07 Jul, 2021 | 14:12

Updated-16 Sep, 2024 | 23:45

QSAN Storage Manager - Improper Authorization

Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to bypass the access control and execute arbitrary commands. Suggest contacting with QSAN and refer to recommendations in QSAN Document.

Vendor-qsan QSAN

Product-storage_manager Storage Manager

CWE ID-CWE-285

Improper Authorization

CVE-2021-36029

Matching Score-4

Assigner-Adobe Systems Incorporated

View Details

Matching Score-4

Assigner-Adobe Systems Incorporated

CVSS Score-9.1||CRITICAL

EPSS-3.45% / 87.70%

7 Day CHG~0.00%

Published-01 Sep, 2021 | 14:29

Updated-16 Sep, 2024 | 19:46

Magento Commerce Improper Authorization Vulnerability Could Lead To Remote Code Execution

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. An attacker with admin privileges could leverage this vulnerability to achieve remote code execution.

Vendor-Adobe Inc.

Product-magento_open_source adobe_commerce Magento Commerce

CWE ID-CWE-285

Improper Authorization

CVE-2023-20186

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs