{"vulnerability": "CVE-2023-2025", "sightings": [{"uuid": "be320ff1-96ca-4a1d-937a-6fe8fd41f636", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20259", "type": "seen", "source": "https://t.me/cibsecurity/71608", "content": "\u203c CVE-2023-20259 \u203c\n\nA vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T20:12:03.000000Z"}, {"uuid": "40940419-e877-4b0a-826f-12cecf13ef8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20256", "type": "seen", "source": "https://t.me/cibsecurity/73344", "content": "\u203c CVE-2023-20256 \u203c\n\nMultiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-01T19:21:59.000000Z"}, {"uuid": "10bfff82-6709-4ce3-aae8-95cdc339e3a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20252", "type": "published-proof-of-concept", "source": "Telegram/Fwp63kFR1ejne67uCydpDMgAF8KtL8WBoKV3_vP0460IO2Pm", "content": "", "creation_timestamp": "2023-09-29T19:36:15.000000Z"}, {"uuid": "7fe54284-4c50-4246-b317-5b4c1b5cfb09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20258", "type": "seen", "source": "https://t.me/ctinow/174981", "content": "https://ift.tt/qF6yrzL\nCVE-2023-20258 | Cisco Prime Infrastructure Web-based Management Interface Privilege Escalation (cisco-sa-pi-epnm-wkZJeyeq)", "creation_timestamp": "2024-01-28T16:56:17.000000Z"}, {"uuid": "431e4332-83b1-494c-81de-4a5f5d4ff55f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20252", "type": "seen", "source": "https://t.me/true_secator/4909", "content": "Cisco \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0432 \u041f\u041e IOS \u0438 IOS XE, \u043a\u043e\u0442\u043e\u0440\u0430\u044f, \u043f\u043e-\u0432\u0438\u0434\u0438\u043c\u043e\u043c\u0443, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\nCVE-2023-20109 \u0432\u043b\u0438\u044f\u0435\u0442 \u043d\u0430 \u0444\u0443\u043d\u043a\u0446\u0438\u044e Group Encrypted Transport VPN (GET VPN) \u0432 IOS \u0438 IOS XE \u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE. \u0414\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e, \u0447\u0442\u043e\u0431\u044b \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0438\u043c\u0435\u043b \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0435 \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u0438\u0432\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u043d\u0430\u0434 \u0447\u043b\u0435\u043d\u043e\u043c \u0433\u0440\u0443\u043f\u043f\u044b \u0438\u043b\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u043a\u043b\u044e\u0447\u0435\u0439.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0430\u0442\u0440\u0438\u0431\u0443\u0442\u043e\u0432 \u0432 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430\u0445 \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u043e\u0433\u043e \u0434\u043e\u043c\u0435\u043d\u0430 \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0446\u0438\u0438 (GDOI) \u0438 G-IKEv2 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 GET VPN.\n\n\u041e\u043d\u0430 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0432\u0441\u0435 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b Cisco, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 IOS \u0438\u043b\u0438 IOS XE \u0441 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u044b\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u043e\u043c GDOI \u0438\u043b\u0438 G-IKEv2.\n\n\u0414\u043b\u044f \u043e\u0448\u0438\u0431\u043a\u0438 \u043d\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0441\u043f\u043e\u0441\u043e\u0431\u043e\u0432 \u043e\u0431\u0445\u043e\u0434\u0430, \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c Cisco \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442 \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u043e\u0441\u043e\u0431\u0435\u043d\u043d\u043e \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u044f \u0432\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0432 \u0445\u043e\u0434\u0435 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0433\u043e \u0440\u0430\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, Cisco \u0442\u0430\u043a\u0436\u0435 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0430 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u043e\u0432\u00a0\u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0435 Catalyst SD-WAN Manager, \u0432\u043a\u043b\u044e\u0447\u0430\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443 (CVE-2023-20252, \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 9,8) \u0432 API-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430\u0445 SAML, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043c\u043e\u0433\u043b\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443, \u043d\u0435 \u043f\u0440\u043e\u0448\u0435\u0434\u0448\u0435\u043c\u0443 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044e \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430 \u0432\u043c\u0435\u0441\u0442\u0435 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c\u0438 \u0447\u0435\u0442\u044b\u0440\u044c\u043c\u044f \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0434\u043b\u044f \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0438 \u043e\u0442\u043a\u0430\u0442\u0430 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u0430, \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445 Elasticsearch \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0434\u0440\u0443\u0433\u043e\u043c\u0443 \u0430\u0440\u0435\u043d\u0434\u0430\u0442\u043e\u0440\u0443, \u0443\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c\u043e\u043c\u0443 \u043d\u0430 \u0442\u043e\u043c \u0436\u0435 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u0435, \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c DoS.\n\n\u0414\u0440\u0443\u0433\u0438\u0435 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0438\u0435 \u043a RCE, DoS, \u0434\u043e\u0441\u0442\u0443\u043f\u0443 \u043a \u0434\u0430\u043d\u043d\u044b\u043c, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043a\u0440\u0430\u0436\u0435 \u0444\u0430\u0439\u043b\u043e\u0432, \u0431\u044b\u043b\u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u041f\u041e \u0434\u043b\u044f IOS, IOS XE \u0438 Cisco DNA Center.\u00a0\n\n\u0422\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0433\u0438\u0433\u0430\u043d\u0442 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u0440\u0443\u0433\u0438\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438, \u0432\u043b\u0438\u044f\u044e\u0449\u0438\u0445 \u043d\u0430 \u0435\u0433\u043e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u044b.\n\nCisco \u0437\u0430\u044f\u0432\u043b\u044f\u0435\u0442, \u0447\u0442\u043e, \u0437\u0430 \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435\u043c CVE-2023-20109, \u0435\u0439 \u043d\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043d\u0438 \u043e\u0431 \u043e\u0434\u043d\u043e\u0439 \u0438\u0437 \u044d\u0442\u0438\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u0431\u044b \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.", "creation_timestamp": "2023-09-29T12:12:31.000000Z"}, {"uuid": "8cc635c7-f22f-4e0a-827f-2f0b71d5cbda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20254", "type": "seen", "source": "https://t.me/cibsecurity/71137", "content": "\u203c CVE-2023-20254 \u203c\n\nA vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T22:36:01.000000Z"}, {"uuid": "40fb34d5-ae14-406a-ab70-59c457f15b41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20251", "type": "seen", "source": "https://t.me/cibsecurity/71136", "content": "\u203c CVE-2023-20251 \u203c\n\nA vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T22:36:00.000000Z"}, {"uuid": "65ae459b-010d-43ae-965f-5fda21710fa9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20253", "type": "seen", "source": "https://t.me/cibsecurity/71143", "content": "\u203c CVE-2023-20253 \u203c\n\nA vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on for other controller and devices managed by an affected system. A successful exploit could allow the attacker to to roll back the configuration on for other controller and devices managed by an affected system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T22:36:07.000000Z"}, {"uuid": "ba63611e-8ac3-4438-8b4b-f28b1865beed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20252", "type": "seen", "source": "https://t.me/cibsecurity/71141", "content": "\u203c CVE-2023-20252 \u203c\n\nA vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-27T22:36:06.000000Z"}, {"uuid": "f8254cc6-ecbf-4021-92a2-934785c6cf97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20257", "type": "seen", "source": "https://t.me/ctinow/174985", "content": "https://ift.tt/oiGcavB\nCVE-2023-20257 | Cisco Evolved Programmable Network Manager Web-based Management Interface cross site scripting (cisco-sa-pi-epnm-wkZJeyeq)", "creation_timestamp": "2024-01-28T17:26:45.000000Z"}, {"uuid": "50ca43aa-c817-4ed9-a1ff-dff1656c0f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20258", "type": "seen", "source": "https://t.me/ctinow/169400", "content": "https://ift.tt/C2mAsMp\nCVE-2023-20258", "creation_timestamp": "2024-01-17T18:27:05.000000Z"}, {"uuid": "2eb30fdb-b198-4306-b2d0-938ef1580ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20257", "type": "seen", "source": "https://t.me/ctinow/169399", "content": "https://ift.tt/19P4Yn3\nCVE-2023-20257", "creation_timestamp": "2024-01-17T18:27:02.000000Z"}, {"uuid": "815fb4fd-5d57-4ace-9502-6315e28ead74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20250", "type": "seen", "source": "https://t.me/cibsecurity/70019", "content": "\u203c CVE-2023-20250 \u203c\n\nA vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-06T20:17:49.000000Z"}, {"uuid": "0ea7a0ee-4ac8-45d5-a388-e497f8a312e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2025", "type": "seen", "source": "https://t.me/cibsecurity/64432", "content": "\u203c CVE-2023-2025 \u203c\n\nOpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-19T00:32:25.000000Z"}]}