cbcvebase.
CVE-2023-20017
published 2023-08-16

CVE-2023-20017: Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using…

PriorityP260critical9.1CVSS 3.1
AVNACLPRHUINSCCHIHAH
EPSS
0.71%
49.0th percentile
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Affected

38 ranges· showing 25
VendorProductVersion rangeFixed in
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance
ciscocisco_intersight_virtual_appliance

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerability is triggered by uploading a crafted software package to the Cisco Intersight Private Virtual Appliance; monitor for unexpected or unauthorized software package uploads by Administrator-level accounts.
  • Root-level OS command execution follows a successful exploit; monitor for anomalous root-level process spawning on the Intersight Private Virtual Appliance host, particularly processes descended from the software package extraction workflow.
  • The root cause is insufficient input validation during software package extraction (CWE-78 OS Command Injection); audit and alert on shell metacharacters or unexpected command sequences in package metadata/filenames processed during extraction.
  • ·Exploitation requires the attacker to already hold Administrator privileges on the affected device; scope detection efforts to privileged account activity.
  • ·Two distinct bug IDs (CSCwc35159 and CSCwc35166) are associated with this advisory, indicating multiple vulnerable code paths related to software package extraction; both should be addressed by patching.
  • ·No workarounds exist for these vulnerabilities; patching to a fixed software version is the only remediation.

CVSS provenance

nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
vendor_cisco6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.