4 vulnerabilities found for Cisco Secure Workload by Cisco
CVE-2026-20223 (GCVE-0-2026-20223)
Vulnerability from cvelistv5
Published
2026-05-20 16:06
Modified
2026-05-21 03:55
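Severity: CRITICAL (CVSS 3.1 base score 10, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, as scored by the CNA)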
CWE
- CWE-306 - Missing Authentication for Critical Function
Summary
A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role.
This vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the Site Admin user.
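References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy (vendor advisory cisco-sa-csw-pnbsa-g8WEnuy)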
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Workload |
Version: 2.2.1.41 Version: 3.2.1.18 Version: 3.3.2.50 Version: 3.4.1.28 Version: 3.4.1.34 Version: 2.3.1.45 Version: 2.3.1.41 Version: 3.3.2.28 Version: 3.1.1.59 Version: 2.0.2.20 Version: 2.1.1.33 Version: 2.1.1.29 Version: 3.2.1.28 Version: 3.4.1.35 Version: 3.1.1.65 Version: 3.1.1.67 Version: 2.0.1.34 Version: 2.3.1.49 Version: 2.2.1.39 Version: 3.4.1.19 Version: 3.3.2.23 Version: 3.1.1.61 Version: 3.1.1.54 Version: 3.5.1.17 Version: 3.3.2.33 Version: 3.5.1.1 Version: 2.3.1.53 Version: 3.5.1.20 Version: 3.5.1.30 Version: 3.3.2.16 Version: 3.1.1.55 Version: 3.4.1.6 Version: 2.3.1.50 Version: 2.3.1.52 Version: 3.2.1.19 Version: 2.2.1.35 Version: 3.1.1.53 Version: 3.1.1.70 Version: 3.2.1.20 Version: 3.5.1.2 Version: 1.103.1.12 Version: 2.3.1.51 Version: 3.3.2.42 Version: 3.4.1.1 Version: 3.3.2.12 Version: 2.1.1.31 Version: 3.5.1.23 Version: 3.3.2.53 Version: 3.4.1.14 Version: 3.3.2.2 Version: 3.4.1.20 Version: 3.3.2.35 Version: 2.2.1.34 Version: 1.102.21 Version: 3.3.2.5 Version: 3.5.1.31 Version: 3.6.1.5 Version: 3.2.1.31 Version: 3.5.1.37 Version: 3.4.1.40 Version: 3.6.1.17 Version: 3.6.1.21 Version: 3.2.1.32 Version: 3.2.1.33 Version: 3.6.1.35 Version: 3.6.1.36 Version: 3.7.1.5 Version: 3.6.1.47 Version: 3.7.1.22 Version: 3.6.1.52 Version: 3.7.1.39 Version: 3.8.1.1 Version: 3.7.1.51 Version: 3.8.1.19 Version: 3.8.1.36 Version: 3.7.1.59 Version: 3.8.1.39 Version: 3.9.1.1 Version: 3.9.1.10 Version: 3.9.1.24 Version: 3.9.1.25 Version: 3.9.1.28 Version: 3.9.1.38 Version: 3.8.1.53 Version: 3.9.1.52 Version: 3.10.1.1 Version: 3.9.1.64 Version: 3.10.2.11 Version: 3.9.1.66 Version: 3.10.3.19 Version: 3.9.1.69 Version: 3.10.4.8 Version: 3.10.5.6 Version: 4.0.1.1 Version: 4.0.2.4 Version: 4.0.2.5 Version: 3.10.6.3 Version: 3.10.7.4 Version: 4.0.3.13 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-20223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-20T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-21T03:55:37.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Workload",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.2.1.41"
},
{
"status": "affected",
"version": "3.2.1.18"
},
{
"status": "affected",
"version": "3.3.2.50"
},
{
"status": "affected",
"version": "3.4.1.28"
},
{
"status": "affected",
"version": "3.4.1.34"
},
{
"status": "affected",
"version": "2.3.1.45"
},
{
"status": "affected",
"version": "2.3.1.41"
},
{
"status": "affected",
"version": "3.3.2.28"
},
{
"status": "affected",
"version": "3.1.1.59"
},
{
"status": "affected",
"version": "2.0.2.20"
},
{
"status": "affected",
"version": "2.1.1.33"
},
{
"status": "affected",
"version": "2.1.1.29"
},
{
"status": "affected",
"version": "3.2.1.28"
},
{
"status": "affected",
"version": "3.4.1.35"
},
{
"status": "affected",
"version": "3.1.1.65"
},
{
"status": "affected",
"version": "3.1.1.67"
},
{
"status": "affected",
"version": "2.0.1.34"
},
{
"status": "affected",
"version": "2.3.1.49"
},
{
"status": "affected",
"version": "2.2.1.39"
},
{
"status": "affected",
"version": "3.4.1.19"
},
{
"status": "affected",
"version": "3.3.2.23"
},
{
"status": "affected",
"version": "3.1.1.61"
},
{
"status": "affected",
"version": "3.1.1.54"
},
{
"status": "affected",
"version": "3.5.1.17"
},
{
"status": "affected",
"version": "3.3.2.33"
},
{
"status": "affected",
"version": "3.5.1.1"
},
{
"status": "affected",
"version": "2.3.1.53"
},
{
"status": "affected",
"version": "3.5.1.20"
},
{
"status": "affected",
"version": "3.5.1.30"
},
{
"status": "affected",
"version": "3.3.2.16"
},
{
"status": "affected",
"version": "3.1.1.55"
},
{
"status": "affected",
"version": "3.4.1.6"
},
{
"status": "affected",
"version": "2.3.1.50"
},
{
"status": "affected",
"version": "2.3.1.52"
},
{
"status": "affected",
"version": "3.2.1.19"
},
{
"status": "affected",
"version": "2.2.1.35"
},
{
"status": "affected",
"version": "3.1.1.53"
},
{
"status": "affected",
"version": "3.1.1.70"
},
{
"status": "affected",
"version": "3.2.1.20"
},
{
"status": "affected",
"version": "3.5.1.2"
},
{
"status": "affected",
"version": "1.103.1.12"
},
{
"status": "affected",
"version": "2.3.1.51"
},
{
"status": "affected",
"version": "3.3.2.42"
},
{
"status": "affected",
"version": "3.4.1.1"
},
{
"status": "affected",
"version": "3.3.2.12"
},
{
"status": "affected",
"version": "2.1.1.31"
},
{
"status": "affected",
"version": "3.5.1.23"
},
{
"status": "affected",
"version": "3.3.2.53"
},
{
"status": "affected",
"version": "3.4.1.14"
},
{
"status": "affected",
"version": "3.3.2.2"
},
{
"status": "affected",
"version": "3.4.1.20"
},
{
"status": "affected",
"version": "3.3.2.35"
},
{
"status": "affected",
"version": "2.2.1.34"
},
{
"status": "affected",
"version": "1.102.21"
},
{
"status": "affected",
"version": "3.3.2.5"
},
{
"status": "affected",
"version": "3.5.1.31"
},
{
"status": "affected",
"version": "3.6.1.5"
},
{
"status": "affected",
"version": "3.2.1.31"
},
{
"status": "affected",
"version": "3.5.1.37"
},
{
"status": "affected",
"version": "3.4.1.40"
},
{
"status": "affected",
"version": "3.6.1.17"
},
{
"status": "affected",
"version": "3.6.1.21"
},
{
"status": "affected",
"version": "3.2.1.32"
},
{
"status": "affected",
"version": "3.2.1.33"
},
{
"status": "affected",
"version": "3.6.1.35"
},
{
"status": "affected",
"version": "3.6.1.36"
},
{
"status": "affected",
"version": "3.7.1.5"
},
{
"status": "affected",
"version": "3.6.1.47"
},
{
"status": "affected",
"version": "3.7.1.22"
},
{
"status": "affected",
"version": "3.6.1.52"
},
{
"status": "affected",
"version": "3.7.1.39"
},
{
"status": "affected",
"version": "3.8.1.1"
},
{
"status": "affected",
"version": "3.7.1.51"
},
{
"status": "affected",
"version": "3.8.1.19"
},
{
"status": "affected",
"version": "3.8.1.36"
},
{
"status": "affected",
"version": "3.7.1.59"
},
{
"status": "affected",
"version": "3.8.1.39"
},
{
"status": "affected",
"version": "3.9.1.1"
},
{
"status": "affected",
"version": "3.9.1.10"
},
{
"status": "affected",
"version": "3.9.1.24"
},
{
"status": "affected",
"version": "3.9.1.25"
},
{
"status": "affected",
"version": "3.9.1.28"
},
{
"status": "affected",
"version": "3.9.1.38"
},
{
"status": "affected",
"version": "3.8.1.53"
},
{
"status": "affected",
"version": "3.9.1.52"
},
{
"status": "affected",
"version": "3.10.1.1"
},
{
"status": "affected",
"version": "3.9.1.64"
},
{
"status": "affected",
"version": "3.10.2.11"
},
{
"status": "affected",
"version": "3.9.1.66"
},
{
"status": "affected",
"version": "3.10.3.19"
},
{
"status": "affected",
"version": "3.9.1.69"
},
{
"status": "affected",
"version": "3.10.4.8"
},
{
"status": "affected",
"version": "3.10.5.6"
},
{
"status": "affected",
"version": "4.0.1.1"
},
{
"status": "affected",
"version": "4.0.2.4"
},
{
"status": "affected",
"version": "4.0.2.5"
},
{
"status": "affected",
"version": "3.10.6.3"
},
{
"status": "affected",
"version": "3.10.7.4"
},
{
"status": "affected",
"version": "4.0.3.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the\u0026nbsp;access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the\u0026nbsp;Site Admin role.\r\n\r\nThis vulnerability is due to insufficient validation and authentication when accessing REST API endpoints. An attacker could exploit this vulnerability if they are able to send a crafted API request to an affected endpoint. A successful exploit could allow the attacker to read sensitive information and make configuration changes across tenant boundaries with the privileges of the\u0026nbsp;Site Admin user.\u0026nbsp;"
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "Missing Authentication for Critical Function",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-20T16:06:30.740Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-csw-pnbsa-g8WEnuy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-pnbsa-g8WEnuy"
}
],
"source": {
"advisory": "cisco-sa-csw-pnbsa-g8WEnuy",
"defects": [
"CSCwt99942"
],
"discovery": "INTERNAL"
},
"title": "Cisco Secure Workload Unauthorized API Access Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2026-20223",
"datePublished": "2026-05-20T16:06:30.740Z",
"dateReserved": "2025-10-08T11:59:15.399Z",
"dateUpdated": "2026-05-21T03:55:37.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-20652 (GCVE-0-2022-20652)
Vulnerability from cvelistv5
Published
2024-11-15 15:58
Modified
2024-11-19 16:08
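Severity: MEDIUM (CVSS 3.1 base score 6.5, CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N, as scored by the CNA)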
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system.
This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted HTTP message to the affected system. A successful exploit could allow the attacker to execute commands with root-level privileges. To exploit this vulnerability, an attacker would need valid administrator-level credentials. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
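References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO (vendor advisory cisco-sa-tetr-cmd-injc-skrwGO)
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe (also listed in the record; its advisory ID does not match the record's source advisory, cisco-sa-tetr-cmd-injc-skrwGO)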
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Workload |
Version: 2.2.1.41 Version: 3.2.1.18 Version: 3.3.2.50 Version: 3.4.1.28 Version: 3.4.1.34 Version: 2.3.1.45 Version: 2.3.1.41 Version: 3.3.2.28 Version: 3.1.1.59 Version: 2.0.2.20 Version: 2.1.1.33 Version: 2.1.1.29 Version: 3.2.1.28 Version: 3.4.1.35 Version: 3.1.1.65 Version: 3.1.1.67 Version: 2.0.1.34 Version: 2.3.1.49 Version: 2.2.1.39 Version: 3.4.1.19 Version: 3.3.2.23 Version: 3.1.1.61 Version: 3.1.1.54 Version: 3.5.1.17 Version: 3.3.2.33 Version: 3.5.1.1 Version: 2.3.1.53 Version: 3.5.1.20 Version: 3.5.1.30 Version: 3.3.2.16 Version: 3.4.1.6 Version: 2.3.1.50 Version: 2.3.1.52 Version: 3.2.1.19 Version: 2.2.1.35 Version: 3.1.1.53 Version: 3.1.1.70 Version: 3.2.1.20 Version: 3.5.1.2 Version: 1.103.1.12 Version: 2.3.1.51 Version: 3.3.2.42 Version: 3.4.1.1 Version: 3.3.2.12 Version: 2.1.1.31 Version: 3.5.1.23 Version: 3.3.2.53 Version: 3.4.1.14 Version: 3.3.2.2 Version: 3.4.1.20 Version: 3.3.2.35 Version: 1.102.21 Version: 3.3.2.5 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:secure_workload:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "secure_workload",
"vendor": "cisco",
"versions": [
{
"lessThan": "3.5.1.37",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-20652",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T19:42:12.340434Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T16:08:33.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Secure Workload",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.2.1.41"
},
{
"status": "affected",
"version": "3.2.1.18"
},
{
"status": "affected",
"version": "3.3.2.50"
},
{
"status": "affected",
"version": "3.4.1.28"
},
{
"status": "affected",
"version": "3.4.1.34"
},
{
"status": "affected",
"version": "2.3.1.45"
},
{
"status": "affected",
"version": "2.3.1.41"
},
{
"status": "affected",
"version": "3.3.2.28"
},
{
"status": "affected",
"version": "3.1.1.59"
},
{
"status": "affected",
"version": "2.0.2.20"
},
{
"status": "affected",
"version": "2.1.1.33"
},
{
"status": "affected",
"version": "2.1.1.29"
},
{
"status": "affected",
"version": "3.2.1.28"
},
{
"status": "affected",
"version": "3.4.1.35"
},
{
"status": "affected",
"version": "3.1.1.65"
},
{
"status": "affected",
"version": "3.1.1.67"
},
{
"status": "affected",
"version": "2.0.1.34"
},
{
"status": "affected",
"version": "2.3.1.49"
},
{
"status": "affected",
"version": "2.2.1.39"
},
{
"status": "affected",
"version": "3.4.1.19"
},
{
"status": "affected",
"version": "3.3.2.23"
},
{
"status": "affected",
"version": "3.1.1.61"
},
{
"status": "affected",
"version": "3.1.1.54"
},
{
"status": "affected",
"version": "3.5.1.17"
},
{
"status": "affected",
"version": "3.3.2.33"
},
{
"status": "affected",
"version": "3.5.1.1"
},
{
"status": "affected",
"version": "2.3.1.53"
},
{
"status": "affected",
"version": "3.5.1.20"
},
{
"status": "affected",
"version": "3.5.1.30"
},
{
"status": "affected",
"version": "3.3.2.16"
},
{
"status": "affected",
"version": "3.4.1.6"
},
{
"status": "affected",
"version": "2.3.1.50"
},
{
"status": "affected",
"version": "2.3.1.52"
},
{
"status": "affected",
"version": "3.2.1.19"
},
{
"status": "affected",
"version": "2.2.1.35"
},
{
"status": "affected",
"version": "3.1.1.53"
},
{
"status": "affected",
"version": "3.1.1.70"
},
{
"status": "affected",
"version": "3.2.1.20"
},
{
"status": "affected",
"version": "3.5.1.2"
},
{
"status": "affected",
"version": "1.103.1.12"
},
{
"status": "affected",
"version": "2.3.1.51"
},
{
"status": "affected",
"version": "3.3.2.42"
},
{
"status": "affected",
"version": "3.4.1.1"
},
{
"status": "affected",
"version": "3.3.2.12"
},
{
"status": "affected",
"version": "2.1.1.31"
},
{
"status": "affected",
"version": "3.5.1.23"
},
{
"status": "affected",
"version": "3.3.2.53"
},
{
"status": "affected",
"version": "3.4.1.14"
},
{
"status": "affected",
"version": "3.3.2.2"
},
{
"status": "affected",
"version": "3.4.1.20"
},
{
"status": "affected",
"version": "3.3.2.35"
},
{
"status": "affected",
"version": "1.102.21"
},
{
"status": "affected",
"version": "3.3.2.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface and in the API subsystem of Cisco\u0026nbsp;Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system.\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted HTTP message to the affected system. A successful exploit could allow the attacker to execute commands with root-level privileges. To exploit this vulnerability, an attacker would need valid administrator-level credentials.Cisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco\u00a0PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T15:58:58.429Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-tetr-cmd-injc-skrwGO",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO"
},
{
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe"
}
],
"source": {
"advisory": "cisco-sa-tetr-cmd-injc-skrwGO",
"defects": [
"CSCvz80034"
],
"discovery": "INTERNAL"
},
"title": "Cisco Tetration Command Injection Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2022-20652",
"datePublished": "2024-11-15T15:58:58.429Z",
"dateReserved": "2021-11-02T13:28:29.036Z",
"dateUpdated": "2024-11-19T16:08:33.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20136 (GCVE-0-2023-20136)
Vulnerability from cvelistv5
Published
2023-06-28 00:00
Modified
2024-08-02 08:57
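Severity: MEDIUM (CVSS 3.1 base score 4.3, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, as scored by the CNA)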
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Summary
A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials.
This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels.
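References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-auth-openapi-kTndjdNX (vendor advisory cisco-sa-csw-auth-openapi-kTndjdNX)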
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Secure Workload |
Version: 1.102.21 Version: 1.103.1.12 Version: 2.0.1.34 Version: 2.0.2.20 Version: 2.1.1.29 Version: 2.1.1.31 Version: 2.1.1.33 Version: 2.2.1.34 Version: 2.2.1.35 Version: 2.2.1.39 Version: 2.2.1.41 Version: 2.3.1.41 Version: 2.3.1.45 Version: 2.3.1.49 Version: 2.3.1.50 Version: 2.3.1.51 Version: 2.3.1.52 Version: 2.3.1.53 Version: 3.1.1.53 Version: 3.1.1.54 Version: 3.1.1.55 Version: 3.1.1.59 Version: 3.1.1.61 Version: 3.1.1.65 Version: 3.1.1.67 Version: 3.1.1.70 Version: 3.2.1.18 Version: 3.2.1.19 Version: 3.2.1.20 Version: 3.2.1.28 Version: 3.2.1.31 Version: 3.2.1.32 Version: 3.2.1.33 Version: 3.3.2.12 Version: 3.3.2.16 Version: 3.3.2.2 Version: 3.3.2.23 Version: 3.3.2.28 Version: 3.3.2.33 Version: 3.3.2.35 Version: 3.3.2.42 Version: 3.3.2.5 Version: 3.3.2.50 Version: 3.3.2.53 Version: 3.4.1.1 Version: 3.4.1.14 Version: 3.4.1.19 Version: 3.4.1.20 Version: 3.4.1.28 Version: 3.4.1.34 Version: 3.4.1.35 Version: 3.4.1.6 Version: 3.4.1.40 Version: 3.5.1.1 Version: 3.5.1.17 Version: 3.5.1.2 Version: 3.5.1.20 Version: 3.5.1.23 Version: 3.5.1.30 Version: 3.5.1.31 Version: 3.5.1.37 Version: 3.6.1.17 Version: 3.6.1.21 Version: 3.6.1.36 Version: 3.6.1.47 Version: 3.6.1.5 Version: 3.6.1.52 Version: 3.7.1.22 Version: 3.7.1.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:36.064Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-csw-auth-openapi-kTndjdNX",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-auth-openapi-kTndjdNX"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Workload",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.102.21"
},
{
"status": "affected",
"version": "1.103.1.12"
},
{
"status": "affected",
"version": "2.0.1.34"
},
{
"status": "affected",
"version": "2.0.2.20"
},
{
"status": "affected",
"version": "2.1.1.29"
},
{
"status": "affected",
"version": "2.1.1.31"
},
{
"status": "affected",
"version": "2.1.1.33"
},
{
"status": "affected",
"version": "2.2.1.34"
},
{
"status": "affected",
"version": "2.2.1.35"
},
{
"status": "affected",
"version": "2.2.1.39"
},
{
"status": "affected",
"version": "2.2.1.41"
},
{
"status": "affected",
"version": "2.3.1.41"
},
{
"status": "affected",
"version": "2.3.1.45"
},
{
"status": "affected",
"version": "2.3.1.49"
},
{
"status": "affected",
"version": "2.3.1.50"
},
{
"status": "affected",
"version": "2.3.1.51"
},
{
"status": "affected",
"version": "2.3.1.52"
},
{
"status": "affected",
"version": "2.3.1.53"
},
{
"status": "affected",
"version": "3.1.1.53"
},
{
"status": "affected",
"version": "3.1.1.54"
},
{
"status": "affected",
"version": "3.1.1.55"
},
{
"status": "affected",
"version": "3.1.1.59"
},
{
"status": "affected",
"version": "3.1.1.61"
},
{
"status": "affected",
"version": "3.1.1.65"
},
{
"status": "affected",
"version": "3.1.1.67"
},
{
"status": "affected",
"version": "3.1.1.70"
},
{
"status": "affected",
"version": "3.2.1.18"
},
{
"status": "affected",
"version": "3.2.1.19"
},
{
"status": "affected",
"version": "3.2.1.20"
},
{
"status": "affected",
"version": "3.2.1.28"
},
{
"status": "affected",
"version": "3.2.1.31"
},
{
"status": "affected",
"version": "3.2.1.32"
},
{
"status": "affected",
"version": "3.2.1.33"
},
{
"status": "affected",
"version": "3.3.2.12"
},
{
"status": "affected",
"version": "3.3.2.16"
},
{
"status": "affected",
"version": "3.3.2.2"
},
{
"status": "affected",
"version": "3.3.2.23"
},
{
"status": "affected",
"version": "3.3.2.28"
},
{
"status": "affected",
"version": "3.3.2.33"
},
{
"status": "affected",
"version": "3.3.2.35"
},
{
"status": "affected",
"version": "3.3.2.42"
},
{
"status": "affected",
"version": "3.3.2.5"
},
{
"status": "affected",
"version": "3.3.2.50"
},
{
"status": "affected",
"version": "3.3.2.53"
},
{
"status": "affected",
"version": "3.4.1.1"
},
{
"status": "affected",
"version": "3.4.1.14"
},
{
"status": "affected",
"version": "3.4.1.19"
},
{
"status": "affected",
"version": "3.4.1.20"
},
{
"status": "affected",
"version": "3.4.1.28"
},
{
"status": "affected",
"version": "3.4.1.34"
},
{
"status": "affected",
"version": "3.4.1.35"
},
{
"status": "affected",
"version": "3.4.1.6"
},
{
"status": "affected",
"version": "3.4.1.40"
},
{
"status": "affected",
"version": "3.5.1.1"
},
{
"status": "affected",
"version": "3.5.1.17"
},
{
"status": "affected",
"version": "3.5.1.2"
},
{
"status": "affected",
"version": "3.5.1.20"
},
{
"status": "affected",
"version": "3.5.1.23"
},
{
"status": "affected",
"version": "3.5.1.30"
},
{
"status": "affected",
"version": "3.5.1.31"
},
{
"status": "affected",
"version": "3.5.1.37"
},
{
"status": "affected",
"version": "3.6.1.17"
},
{
"status": "affected",
"version": "3.6.1.21"
},
{
"status": "affected",
"version": "3.6.1.36"
},
{
"status": "affected",
"version": "3.6.1.47"
},
{
"status": "affected",
"version": "3.6.1.5"
},
{
"status": "affected",
"version": "3.6.1.52"
},
{
"status": "affected",
"version": "3.7.1.22"
},
{
"status": "affected",
"version": "3.7.1.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials.\r\n\r This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "Incorrect Use of Privileged APIs",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:48.042Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-csw-auth-openapi-kTndjdNX",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csw-auth-openapi-kTndjdNX"
}
],
"source": {
"advisory": "cisco-sa-csw-auth-openapi-kTndjdNX",
"defects": [
"CSCwe74218"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20136",
"datePublished": "2023-06-28T00:00:00.000Z",
"dateReserved": "2022-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-02T08:57:36.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34789 (GCVE-0-2021-34789)
Vulnerability from cvelistv5
Published
2021-10-21 02:50
Modified
2024-11-07 21:47
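Severity: MEDIUM (CVSS 3.1 base score 4.8, CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, as scored by the CNA)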
CWE
- CWE-79
Summary
A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials.
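References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sec-work-xss-t6SYtu8Q (vendor-advisory: 20211020 Cisco Tetration Stored Cross-Site Scripting Vulnerability)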
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Cisco | Cisco Secure Workload | n/a |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:19:48.151Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20211020 Cisco Tetration Stored Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sec-work-xss-t6SYtu8Q"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-34789",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:39:57.294268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:47:00.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Secure Workload",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-10-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T02:50:28.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20211020 Cisco Tetration Stored Cross-Site Scripting Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sec-work-xss-t6SYtu8Q"
}
],
"source": {
"advisory": "cisco-sa-sec-work-xss-t6SYtu8Q",
"defect": [
[
"CSCvz50570"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco Tetration Stored Cross-Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-10-20T16:00:00",
"ID": "CVE-2021-34789",
"STATE": "PUBLIC",
"TITLE": "Cisco Tetration Stored Cross-Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Secure Workload",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Tetration could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack on an affected system. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "4.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20211020 Cisco Tetration Stored Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sec-work-xss-t6SYtu8Q"
}
]
},
"source": {
"advisory": "cisco-sa-sec-work-xss-t6SYtu8Q",
"defect": [
[
"CSCvz50570"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-34789",
"datePublished": "2021-10-21T02:50:28.278Z",
"dateReserved": "2021-06-15T00:00:00.000Z",
"dateUpdated": "2024-11-07T21:47:00.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}