KB-2268 Information about the Cisco IOS XE Software (CVE-2023-20198 & CVE-2023-20273)https://community.appian.com/support/w/kb/3411/kb-2268-information-about-the-cisco-ios-xe-software-cve-2023-20198-cve-2023-20273en-USTelligent Community 12KB-2268 Information about the Cisco IOS XE Software (CVE-2023-20198 & CVE-2023-20273)https://community.appian.com/support/w/kb/3411/kb-2268-information-about-the-cisco-ios-xe-software-cve-2023-20198-cve-2023-20273Wed, 01 Nov 2023 21:40:09 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:38d8d1a3-4c64-4165-9704-ced08913abb0Kevin Kleineggerhttps://community.appian.com/support/w/kb/3411/kb-2268-information-about-the-cisco-ios-xe-software-cve-2023-20198-cve-2023-20273#commentsCurrent Revision posted to Appian Knowledge Base by Kevin Kleinegger on 11/1/2023 9:40:09 PM<br /> <p><span style="font-weight:400;">On 27-Oct-2023, CISA released a </span><a href="https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities-additional-releases"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> for all organizations utilizing Cisco&rsquo;s Internetworking Operating System (IOS) XE Software Web User Interface (UI).</span></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVEs (CVE-2023-20198 and CVE-2023-20273), we can confirm that the Appian platform is not impacted by the vulnerability described in the security advisory. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVEs were released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-20198"><span style="font-weight:400;">CVE-2023-20198</span></a><span style="font-weight:400;"> - (Vulnerability in the web UI feature of Cisco IOS XE Software)</span><span style="font-weight:400;"><br /></span><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-20273"><span style="font-weight:400;">CVE-2023-20273</span></a><span style="font-weight:400;"> - (Vulnerability in the web UI feature of Cisco IOS XE Software)</span><span style="font-weight:400;"><br /></span><span style="font-weight:400;"><br /></span><span style="font-weight:400;">Supporting Documentation:</span></p> <ul> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities-additional-releases"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities-additional-releases</span></a></li> <li style="font-weight:400;"><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z"><span style="font-weight:400;">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z</span><span style="font-weight:400;"><br /><br /></span></a></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p><span style="font-weight:400;">Last reviewed: October 31, 2023</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div> DRAFT SP-9355 Information about the Cisco IOS XE Software (CVE-2023-20198 & CVE-2023-20273)https://community.appian.com/support/w/kb/3411/kb-2268-information-about-the-cisco-ios-xe-software-cve-2023-20198-cve-2023-20273/revision/1Wed, 01 Nov 2023 21:38:39 GMTd3a83456-d57b-489c-a84c-4e8267bb592a:38d8d1a3-4c64-4165-9704-ced08913abb0Kevin Kleineggerhttps://community.appian.com/support/w/kb/3411/kb-2268-information-about-the-cisco-ios-xe-software-cve-2023-20198-cve-2023-20273#commentsRevision 1 posted to Appian Knowledge Base by Kevin Kleinegger on 11/1/2023 9:38:39 PM<br /> <p><span style="font-weight:400;">On 27-Oct-2023, CISA released a </span><a href="https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities-additional-releases"><span style="font-weight:400;">security advisory</span></a><span style="font-weight:400;"> for all organizations utilizing Cisco&rsquo;s Internetworking Operating System (IOS) XE Software Web User Interface (UI).</span></p> <p><span style="font-weight:400;">Upon assessing the Appian platform against all details of the CVEs (CVE-2023-20198 and CVE-2023-20273), we can confirm that the Appian platform is not impacted by the vulnerability described in the security advisory. We will continue to monitor the situation and provide any updates as appropriate.</span></p> <h2><span style="font-weight:400;">Additional Notes:</span></h2> <p><span style="font-weight:400;">The following CVEs were released with additional information on the scope of the vulnerability:</span></p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-20198"><span style="font-weight:400;">CVE-2023-20198</span></a><span style="font-weight:400;"> - (Vulnerability in the web UI feature of Cisco IOS XE Software)</span><span style="font-weight:400;"><br /></span><a href="https://nvd.nist.gov/vuln/detail/CVE-2023-20273"><span style="font-weight:400;">CVE-2023-20273</span></a><span style="font-weight:400;"> - (Vulnerability in the web UI feature of Cisco IOS XE Software)</span><span style="font-weight:400;"><br /></span><span style="font-weight:400;"><br /></span><span style="font-weight:400;">Supporting Documentation:</span></p> <ul> <li style="font-weight:400;"><a href="https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities-additional-releases"><span style="font-weight:400;">https://www.cisa.gov/news-events/alerts/2023/10/27/cisa-updates-guidance-addressing-cisco-ios-xe-web-ui-vulnerabilities-additional-releases</span></a></li> <li style="font-weight:400;"><a href="https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z"><span style="font-weight:400;">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z</span><span style="font-weight:400;"><br /><br /></span></a></li> </ul> <h2><span style="font-weight:400;">Affected Versions</span></h2> <p><span style="font-weight:400;">This article applies to all supported versions of Appian.</span></p> <p><span style="font-weight:400;">Last reviewed: October 31, 2023</span></p><div style="clear:both;"></div> <div style="font-size: 90%;">Tags: Security</div>