CVE-2023-20210Execution with Unnecessary Privileges in Cisco Broadworks

CWE-250Execution with Unnecessary Privileges4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.0%
top 93.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
17
Cisco BroadworksCisco Broadworks Application Delivery Platform FirmwareCisco Broadworks Application Server Firmware+14 more
Timeline
PublishedJul 12

Description

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative pri

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages17 packages

CVEListV5cisco/cisco_broadworks9196 versions+9195
NVDcisco/broadworks_media23.0, 24.0, 25.0+2
NVDcisco/broadworks_video23.0, 24.0, 25.0+2
NVDcisco/broadworks_webrtc23.0, 24.0, 25.0+2
NVDcisco/broadworks_network23.0, 24.0, 25.0+2

🔴Vulnerability Details

2
CVEList
CVE-2023-20210: A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device2023-07-12
GHSA
GHSA-4hhj-h38j-ccw8: A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device2023-07-12

📋Vendor Advisories

1
Cisco
Cisco BroadWorks Privilege Escalation Vulnerability2023-07-05