CVE-2023-20254

Name of the Vulnerable Software and Affected Versions Cisco Catalyst SD-WAN Manager (affected versions not specified)

Description The issue is related to insufficient user session management within the Cisco Catalyst SD-WAN Manager system, specifically in the multi-tenant feature. This could allow an authenticated, remote attacker to access another tenant being managed by the same instance, potentially gaining unauthorized access to information, making configuration changes, or causing a denial of service condition. The vulnerability requires the multi-tenant feature to be enabled and can be exploited by sending a crafted request to an affected system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.