What is CVE-2023-20253?

A high-severity vulnerability in Cisco SD-WAN vManage could allow an authenticated attacker to bypass authorization and roll back configurations. Immediate action is required to mitigate this risk.

What is the severity of CVE-2023-20253?

CVE-2023-20253 has a severity rating of HIGH with a CVSS base score of 7.1.

CVE-2023-20253 | High Vulnerability in Cisco SD-WAN vManage

A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read-only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration on other controllers and devices managed by an affected system.

The severity level of this vulnerability is high, with a CVSS score of 7.1. The implications of such a vulnerability are significant, as it allows unauthorized configuration changes, potentially impacting the functionality and security posture of the affected systems. Organizations leveraging Cisco SD-WAN vManage need to be aware of this vulnerability and take immediate action to address it.

Currently, there are no known exploits for this vulnerability, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. However, given the nature of the vulnerability, it is essential for organizations to prioritize patching the affected systems without delay.

Organizations should prioritize patching immediately. The remediation involves updating to the latest versions of the Cisco SD-WAN vManage and Catalyst SD-WAN Manager components to mitigate the risk associated with this vulnerability.

Vulnerability Details

The vulnerability allows an attacker to bypass authorization controls within the CLI management interface, potentially leading to unauthorized configuration changes.

The vulnerability falls under the CWE-286 classification, which signifies improper access control. The attack vector is local, and the impact on integrity and availability is high.

The affected products include Cisco Catalyst SD-WAN Manager versions 20.7, 20.8, 20.9, 20.11, and Cisco SD-WAN vManage versions prior to 20.6.2, as well as version 20.10.

Technical Analysis

The root cause of this vulnerability is improper access control, which allows a low-privilege user to send unauthorized rollback requests. The attack vector is local, meaning that an attacker must have physical or network access to the affected systems.

The attack complexity is low, and no user interaction is required for the exploit to succeed. The confidentiality impact is none, as the attacker would not gain access to sensitive data, but the integrity and availability impacts are high, as configurations may be altered without authorization.

Risk & Impact Analysis

Risk to organizations includes unauthorized configuration changes that could lead to operational disruptions or security breaches. The potential blast radius is significant, especially for organizations that rely heavily on Cisco SD-WAN for their network operations.

Given the high CVSS score, organizations should address this vulnerability in their priority patch cycle. Timely remediation is crucial to prevent exploitation of this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The following versions are affected by this vulnerability: Cisco Catalyst SD-WAN Manager versions 20.7, 20.8, 20.9, 20.11, and Cisco SD-WAN vManage versions up to 20.6.2 and including 20.10.

Mitigation & Remediation

Organizations should update to the latest versions of the affected Cisco SD-WAN products to mitigate this vulnerability. Configuration hardening and network controls should also be implemented where applicable.

For further details on security practices, organizations can refer to the penetration testing services provided by AppSecure.

Detection Guidance

Organizations should monitor logs for unauthorized rollback requests and analyze system behaviors for anomalies that may indicate exploitation attempts.

AppSecure Threat Intelligence Insight

The long-term significance of this vulnerability lies in its potential to undermine the integrity and availability of critical network infrastructure. Security teams should learn from this incident to strengthen their access control mechanisms and improve their overall security posture.

To better secure your systems, organizations may consider implementing security assessments, such as the application security assessment to identify potential weaknesses.

Additionally, conducting regular continuous penetration testing can help ensure that vulnerabilities are identified and remediated promptly.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-20253: High Vulnerability in Cisco SD-WAN vManage