cbcvebase.
CVE-2023-20013
published 2023-08-16

CVE-2023-20013: Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using…

PriorityP260critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
0.71%
49.0th percentile
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Affected

43 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered by uploading a crafted software package to the Cisco Intersight Private Virtual Appliance; monitor for unusual or unexpected software package uploads by Administrator-level accounts.
  • The exploit results in OS command execution with root-level privileges; monitor for unexpected root-level process spawning on Cisco Intersight Private Virtual Appliance hosts, particularly processes spawned during or after software package extraction.
  • Root cause is insufficient input validation during software package extraction (CWE-78 OS Command Injection); focus detection on the package extraction pipeline for unsanitized filenames or embedded shell metacharacters.
  • ·Exploitation requires the attacker to already hold Administrator privileges on the affected device; detections should be scoped to privileged/admin-authenticated sessions.
  • ·Two distinct bug IDs are tracked under this advisory (CSCwc35159, CSCwc35166), indicating multiple vulnerable code paths related to software package extraction; both should be patched.
  • ·There are no workarounds available; patching to the fixed software version is the only mitigation.

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vendor_cisco6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.