
Cisco IOS XE Software Privilege Escalation Vulnerability [CVE-2023-20029]

CVE number = CVE-2023-20029

A vulnerability in the Cloud Management for Catalyst migration feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root-level privileges on an affected device.

This vulnerability is due to insufficient memory protection in the Cisco IOS XE Meraki migration feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root.

Vulnerable Products

At the time of publication, this vulnerability affected the following Cisco devices if they were running a vulnerable release of Cisco IOS XE Software:

  • Catalyst 9200 Series Switches
  • Catalyst 9300 Series Switches

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-priv-esc-sABD8hcU

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional with an interest in computer security and telecoms.
