{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T02:01:37.909","vulnerabilities":[{"cve":{"id":"CVE-2023-20179","sourceIdentifier":"psirt@cisco.com","published":"2023-09-27T18:15:10.987","lastModified":"2024-11-21T07:40:45.417","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content.\r\n\r This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application."},{"lang":"es","value":"Una vulnerabilidad en la interfaz de administración web de Cisco Catalyst SD-WAN Manager, anteriormente Cisco SD-WAN vManage, podría permitir que un atacante remoto autenticado inyecte contenido HTML. Esta vulnerabilidad se debe a una validación inadecuada de los datos proporcionados por el usuario en los campos de elementos. Un atacante podría aprovechar esta vulnerabilidad enviando contenido malicioso dentro de las solicitudes y persuadiendo a un usuario para que vea una página que contenga contenido inyectado. Un exploit exitoso podría permitir al atacante modificar páginas dentro de la interfaz de administración basada en web, lo que posiblemente generaría más ataques basados en el navegador contra los usuarios de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-80"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*","versionEndExcluding":"20.6.6","matchCriteriaId":"24F12886-47A6-42A3-8408-5F0CEC98ECB0"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:sd-wan_vmanage:*:*:*:*:*:*:*:*","versionStartIncluding":"20.7","versionEndExcluding":"20.10","matchCriteriaId":"1DE03263-AA9C-4717-AF0B-33A5852623FE"}]}]}],"references":[{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-html-3ZKh8d6x","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}