Known Exploited Vulnerability
7.2
HIGH
CVE-2023-20273
Cisco IOS XE Web UI Command Injection Vulnerability - [Actively Exploited]
Description

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.

INFO

Published Date: Oct. 25, 2023, 6:17 p.m.

Last Modified: June 17, 2024, 1:29 p.m.

Remotely Exploitable: Yes

Impact Score: 5.9

Exploitability Score: 1.2
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

Required Action :

Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

Notes :

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Public PoC/Exploit Available at Github

CVE-2023-20273 has 13 public PoCs/exploits available on GitHub.

Affected Products

The following products are affected by the CVE-2023-20273 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, that information is not represented in the table below.

ID Vendor Product
1 Cisco ios_xe
2 Cisco catalyst_3650
3 Cisco catalyst_3650-12x48fd-e
4 Cisco catalyst_3650-12x48fd-l
5 Cisco catalyst_3650-12x48fd-s
6 Cisco catalyst_3650-12x48uq
7 Cisco catalyst_3650-12x48uq-e
8 Cisco catalyst_3650-12x48uq-l
9 Cisco catalyst_3650-12x48uq-s
10 Cisco catalyst_3650-12x48ur
11 Cisco catalyst_3650-12x48ur-e
12 Cisco catalyst_3650-12x48ur-l
13 Cisco catalyst_3650-12x48ur-s
14 Cisco catalyst_3650-12x48uz
15 Cisco catalyst_3650-12x48uz-e
16 Cisco catalyst_3650-12x48uz-l
17 Cisco catalyst_3650-12x48uz-s
18 Cisco catalyst_3650-24pd
19 Cisco catalyst_3650-24pd-e
20 Cisco catalyst_3650-24pd-l
21 Cisco catalyst_3650-24pd-s
22 Cisco catalyst_3650-24pdm
23 Cisco catalyst_3650-24pdm-e
24 Cisco catalyst_3650-24pdm-l
25 Cisco catalyst_3650-24pdm-s
26 Cisco catalyst_3650-24ps-e
27 Cisco catalyst_3650-24ps-l
28 Cisco catalyst_3650-24ps-s
29 Cisco catalyst_3650-24td-e
30 Cisco catalyst_3650-24td-l
31 Cisco catalyst_3650-24td-s
32 Cisco catalyst_3650-24ts-e
33 Cisco catalyst_3650-24ts-l
34 Cisco catalyst_3650-24ts-s
35 Cisco catalyst_3650-48fd-e
36 Cisco catalyst_3650-48fd-l
37 Cisco catalyst_3650-48fd-s
38 Cisco catalyst_3650-48fq
39 Cisco catalyst_3650-48fq-e
40 Cisco catalyst_3650-48fq-l
41 Cisco catalyst_3650-48fq-s
42 Cisco catalyst_3650-48fqm
43 Cisco catalyst_3650-48fqm-e
44 Cisco catalyst_3650-48fqm-l
45 Cisco catalyst_3650-48fqm-s
46 Cisco catalyst_3650-48fs-e
47 Cisco catalyst_3650-48fs-l
48 Cisco catalyst_3650-48fs-s
49 Cisco catalyst_3650-48pd-e
50 Cisco catalyst_3650-48pd-l
51 Cisco catalyst_3650-48pd-s
52 Cisco catalyst_3650-48pq-e
53 Cisco catalyst_3650-48pq-l
54 Cisco catalyst_3650-48pq-s
55 Cisco catalyst_3650-48ps-e
56 Cisco catalyst_3650-48ps-l
57 Cisco catalyst_3650-48ps-s
58 Cisco catalyst_3650-48td-e
59 Cisco catalyst_3650-48td-l
60 Cisco catalyst_3650-48td-s
61 Cisco catalyst_3650-48tq-e
62 Cisco catalyst_3650-48tq-l
63 Cisco catalyst_3650-48tq-s
64 Cisco catalyst_3650-48ts-e
65 Cisco catalyst_3650-48ts-l
66 Cisco catalyst_3650-48ts-s
67 Cisco catalyst_3650-8x24pd-e
68 Cisco catalyst_3650-8x24pd-l
69 Cisco catalyst_3650-8x24pd-s
70 Cisco catalyst_3650-8x24uq
71 Cisco catalyst_3650-8x24uq-e
72 Cisco catalyst_3650-8x24uq-l
73 Cisco catalyst_3650-8x24uq-s
74 Cisco catalyst_3850
75 Cisco catalyst_3850-12s-e
76 Cisco catalyst_3850-12s-s
77 Cisco catalyst_3850-12x48u
78 Cisco catalyst_3850-12xs-e
79 Cisco catalyst_3850-12xs-s
80 Cisco catalyst_3850-16xs-e
81 Cisco catalyst_3850-16xs-s
82 Cisco catalyst_3850-24p-e
83 Cisco catalyst_3850-24p-l
84 Cisco catalyst_3850-24p-s
85 Cisco catalyst_3850-24pw-s
86 Cisco catalyst_3850-24s-e
87 Cisco catalyst_3850-24s-s
88 Cisco catalyst_3850-24t-e
89 Cisco catalyst_3850-24t-l
90 Cisco catalyst_3850-24t-s
91 Cisco catalyst_3850-24u
92 Cisco catalyst_3850-24u-e
93 Cisco catalyst_3850-24u-l
94 Cisco catalyst_3850-24u-s
95 Cisco catalyst_3850-24xs
96 Cisco catalyst_3850-24xs-e
97 Cisco catalyst_3850-24xs-s
98 Cisco catalyst_3850-24xu
99 Cisco catalyst_3850-24xu-e
100 Cisco catalyst_3850-24xu-l
101 Cisco catalyst_3850-24xu-s
102 Cisco catalyst_3850-32xs-e
103 Cisco catalyst_3850-32xs-s
104 Cisco catalyst_3850-48f-e
105 Cisco catalyst_3850-48f-l
106 Cisco catalyst_3850-48f-s
107 Cisco catalyst_3850-48p-e
108 Cisco catalyst_3850-48p-l
109 Cisco catalyst_3850-48p-s
110 Cisco catalyst_3850-48pw-s
111 Cisco catalyst_3850-48t-e
112 Cisco catalyst_3850-48t-l
113 Cisco catalyst_3850-48t-s
114 Cisco catalyst_3850-48u
115 Cisco catalyst_3850-48u-e
116 Cisco catalyst_3850-48u-l
117 Cisco catalyst_3850-48u-s
118 Cisco catalyst_3850-48xs
119 Cisco catalyst_3850-48xs-e
120 Cisco catalyst_3850-48xs-f-e
121 Cisco catalyst_3850-48xs-f-s
122 Cisco catalyst_3850-48xs-s
123 Cisco catalyst_3850-nm-2-40g
124 Cisco catalyst_3850-nm-8-10g
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2023-20273.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).

None

Python

Updated: 2 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Aug. 26, 2024, 8:16 a.m. This repo has been linked 2 different CVEs too.

None

Updated: 4 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : June 26, 2024, 5:33 a.m. This repo has been linked 2 different CVEs too.

CVE-2023-20273 Exploit PoC

Python

Updated: 3 months, 1 week ago
8 stars 3 fork 3 watcher
Born at : Dec. 9, 2023, 7:25 a.m. This repo has been linked 1 different CVEs too.

CVE-2023-20198 Exploit PoC

Python

Updated: 3 months, 1 week ago
36 stars 6 fork 6 watcher
Born at : Nov. 16, 2023, 4:39 p.m. This repo has been linked 2 different CVEs too.

Checks the status of 'ip http server' and 'ip http secure-server' on Cisco networking devices

PowerShell

Updated: 1 year ago
0 stars 0 fork 0 watcher
Born at : Nov. 2, 2023, 4:35 p.m. This repo has been linked 2 different CVEs too.

This is a webshell fingerprinting scanner designed to identify implants on Cisco IOS XE WebUI's affected by CVE-2023-20198 and CVE-2023-20273

Python

Updated: 9 months, 2 weeks ago
29 stars 5 fork 5 watcher
Born at : Oct. 23, 2023, 7:25 p.m. This repo has been linked 2 different CVEs too.

Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)

cisco cisco-ios-xe cve-2023-20198 cve-2023-20273 iocisco pcap suricata badcandy

Python

Updated: 6 months, 1 week ago
37 stars 7 fork 7 watcher
Born at : Oct. 23, 2023, 2:52 p.m. This repo has been linked 3 different CVEs too.

Free and libre source BadUSB payloads for Flipper Zero. [Windows, GNU/Linux, iOS]

flipper-zero flipperzero flipper-badusb flipper-zero-payload hak5 rubberducky badusb duckyscript linux open-source windows free badusb-payloads free-payloads ios iphone

PowerShell Python Shell HTML JavaScript TeX

Updated: 2 months, 1 week ago
1055 stars 70 fork 70 watcher
Born at : Jan. 4, 2023, 10:05 a.m. This repo has been linked 5 different CVEs too.

Collect some iot-related security articles, including vulnerability analysis, security conferences and papers, etc.

iot-security

Updated: 2 months, 2 weeks ago
211 stars 27 fork 27 watcher
Born at : Dec. 6, 2022, 1:11 p.m. This repo has been linked 46 different CVEs too.

awesome iot exploit resource

iot security awesome awesome-list firmware hardware-hacking iot-device iot-security embedded exploit vulnerability

Updated: 2 months, 1 week ago
36 stars 4 fork 4 watcher
Born at : Nov. 13, 2022, 11:03 p.m. This repo has been linked 25 different CVEs too.

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

cisa-kev vulnerability 0day cisa exploits

Updated: 2 months, 2 weeks ago
516 stars 32 fork 32 watcher
Born at : April 19, 2022, 8:58 a.m. This repo has been linked 1181 different CVEs too.

None

Updated: 4 months, 1 week ago
1 stars 0 fork 0 watcher
Born at : Nov. 16, 2020, 2:26 p.m. This repo has been linked 5 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 2 months, 1 week ago
6375 stars 1107 fork 1107 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 904 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list contains news articles that mention the CVE-2023-20273 vulnerability anywhere in the article.

  • TheCyberThrone
Top 15 Most Exploited Vulnerabilities in 2023

In a joint cybersecurity advisory, the security agencies across the world have identified the most exploited vulnerabilities of 2023. This advisory, coauthored by the Cybersecurity and Infrastructure ... Read more

Published Date: Nov 16, 2024 (5 days, 11 hours ago)
  • The Register
Five Eyes infosec agencies list 2024's most exploited software flaws

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities, and warned that attacks on zero-day exploits have ... Read more

Published Date: Nov 14, 2024 (1 week ago)
  • Cybersecurity News
2023’s Most Exploited Vulnerabilities: A Global Cybersecurity Advisory

In a joint cybersecurity advisory, the top cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom have identified the most exploited vulnerabilities of 2 ... Read more

Published Date: Nov 14, 2024 (1 week ago)
  • The Cyber Express
Top 15 Exploited Cyber Vulnerabilities Revealed: Five Eyes Alliance Urges Immediate Patching

The FBI, NSA, and allied agencies within the Five Eyes intelligence network have published a list of the 15 most exploited vulnerabilities from 2023. The cybersecurity advisory, a collaborative effort ... Read more

Published Date: Nov 13, 2024 (1 week, 1 day ago)
  • BleepingComputer
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. A joint advis ... Read more

Published Date: Nov 12, 2024 (1 week, 1 day ago)
  • security.nl
US publishes overview of most exploited vulnerabilities in 2023

The US authorities, together with cyber agencies from Australia, Canada, New Zealand and the United Kingdom, have compiled an overview of the most exploited vulnerabilities in 2023. ... Read more

Published Date: Nov 12, 2024 (1 week, 1 day ago)

The following table lists the changes that have been made to the CVE-2023-20273 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Jun. 17, 2024

    Action Type Old Value New Value
    Removed CWE NIST NVD-CWE-noinfo
    Added CWE NIST CWE-78
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CVE Modified by [email protected]

    Jan. 25, 2024

    Action Type Old Value New Value
    Removed Reference Cisco Systems, Inc. http://packetstormsecurity.com/files/175674/Cisco-IOX-XE-Unauthenticated-Remote-Code-Execution.html
    Added CWE Cisco Systems, Inc. CWE-78
  • Modified Analysis by [email protected]

    Nov. 15, 2023

    Action Type Old Value New Value
    Changed Reference Type http://packetstormsecurity.com/files/175674/Cisco-IOX-XE-Unauthenticated-Remote-Code-Execution.html No Types Assigned http://packetstormsecurity.com/files/175674/Cisco-IOX-XE-Unauthenticated-Remote-Code-Execution.html Exploit, Third Party Advisory, VDB Entry
  • CVE Modified by [email protected]

    Nov. 14, 2023

    Action Type Old Value New Value
    Added Reference Cisco Systems, Inc. http://packetstormsecurity.com/files/175674/Cisco-IOX-XE-Unauthenticated-Remote-Code-Execution.html [No types assigned]
  • CVE Modified by [email protected]

    Nov. 07, 2023

    Action Type Old Value New Value
    Changed Description A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.
  • Initial Analysis by [email protected]

    Oct. 31, 2023

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z No Types Assigned https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z Vendor Advisory
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions from (including) 17.3 up to (excluding) 17.3.8a *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions from (including) 17.6 up to (excluding) 17.6.6a *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions from (including) 17.9 up to (excluding) 17.9.4a
    Added CPE Configuration AND OR *cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:* versions from (including) 16.12 up to (excluding) 16.12.10a OR [hardware CPE entries for the Catalyst 3650 and Catalyst 3850 models listed under Affected Products]
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2023-20273 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

7.47 }} 3.71%

score

0.94288

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability