CVE-2023-20258

CWE-284Improper Access ControlCWE-80CWE-89SQL Injection4 documents4 sources
Severity
7.2HIGH
EPSS
0.0%
top 85.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Evolved Programmable Network ManagerCisco Prime InfrastructureCisco Cisco Prime Infrastructure
Timeline
PublishedJan 17

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the att

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages3 packages

CVEListV5cisco/cisco_prime_infrastructure143 versions+142

🔴Vulnerability Details

2
CVEList
CVE-2023-20258: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary2024-01-17
GHSA
GHSA-7pgw-v8m2-c4f9: A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary2024-01-17

📋Vendor Advisories

1
Cisco
Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities2024-01-10
CVE-2023-20258 (HIGH CVSS 7.2) | A vulnerability in the web-based ma | cvebase.io