{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"IOS XE versions 17.6.x ant\u00e9rieures \u00e0 17.6.6a","product":{"name":"IOS XE","vendor":{"name":"Cisco","scada":false}}},{"description":"IOS XE sur Catalyst 3650 et 3850 versions 16.12.x ant\u00e9rieures \u00e0 16.12.10a","product":{"name":"IOS XE","vendor":{"name":"Cisco","scada":false}}},{"description":"IOS XE versions 17.3.x ant\u00e9rieures \u00e0 17.3.8a","product":{"name":"IOS XE","vendor":{"name":"Cisco","scada":false}}},{"description":"IOS XE versions 17.9.x ant\u00e9rieures \u00e0 17.9.4a","product":{"name":"IOS XE","vendor":{"name":"Cisco","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-20198","url":"https://www.cve.org/CVERecord?id=CVE-2023-20198"},{"name":"CVE-2023-20273","url":"https://www.cve.org/CVERecord?id=CVE-2023-20273"}],"links":[],"reference":"CERTFR-2023-AVI-0878","revisions":[{"description":"Version initiale","revision_date":"2023-10-23T00:00:00.000000"},{"description":"Les versions 17.6.6a et 16.12.10a sont disponibles.","revision_date":"2023-10-30T00:00:00.000000"},{"description":"La version 17.3.8a est disponible.","revision_date":"2023-11-03T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Cisco IOS XE. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nun contournement de la politique de s\u00e9curit\u00e9 et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n\nCes vuln\u00e9rabilit\u00e9s sont activement exploit\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans Cisco IOS XE","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-iosxe-webui-privesc-j22SaA4z du 16 octobre 2023","url":"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z"}]}