CVE-2023-20039

CWE-552Files Accessible to External PartiesCWE-78OS Command Injection4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 89.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Industrial Network DirectorCisco Cisco Industrial Network Director
Timeline
PublishedNov 15

Description

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information. Cisco has released software updates that address this vulnerability. There are no workarounds that addre

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5cisco/cisco_industrial_network_director20 versions+19

🔴Vulnerability Details

2
CVEList
Cisco Industrial Network Director File Permissions2024-11-15
GHSA
GHSA-qw62-27cx-6cqg: A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data2024-11-15

📋Vendor Advisories

1
Cisco
Cisco Industrial Network Director Vulnerabilities2023-04-19
CVE-2023-20039 (MEDIUM CVSS 5.5) | A vulnerability in Cisco IND could | cvebase.io