PT-2023-2555 · Cisco · Cisco Modeling Labs

Published: 2023-04-19 · Updated: 2024-11-18 · CVE-2023-20154

CVSS v3.1: 9.7 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Cisco Modeling Labs (affected versions not specified)

Description

The issue is related to the external authentication mechanism of Cisco Modeling Labs, which can be exploited by an unauthenticated, remote attacker to access the web interface with administrative privileges. This is due to the improper handling of certain messages returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server, potentially bypassing the authentication mechanism and gaining administrative privileges. A successful exploit could allow the attacker to access and modify every simulation and all user-created data. The attacker would need valid user credentials stored on the associated external authentication server to exploit this vulnerability.

Recommendations

To resolve the issue, update to a version of Cisco Modeling Labs that includes the software updates released by Cisco to address this vulnerability. As a temporary workaround, consider restricting access to the external authentication mechanism until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the external authentication server until the issue is resolved.

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-02370
CVE-2023-20154

Affected Products

Cisco Modeling Labs