CVE-2023-20260

CWE-284 — Improper Access Control CWE-88 CWE-80 CWE-89 — SQL Injection CWE-745 documents5 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 94.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Evolved Programmable Network Manager Cisco Prime Infrastructure Cisco Cisco Evolved Programmable Network Manager (epnm)+1 more

Timeline

PublishedJan 17

Description

A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underl…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:NExploitability: 0.8 | Impact: 5.2

Affected Packages4 packages

▶NVDcisco/evolved_programmable_network_manager< 7.1.1

▶CVEListV5cisco/cisco_evolved_programmable_network_manager_(epnm)92 versions+91

▶NVDcisco/prime_infrastructure< 3.10.4+1

▶CVEListV5cisco/cisco_prime_infrastructure143 versions+142

🔴Vulnerability Details

GHSA

GHSA-96c9-2v9p-9chw: A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, loca↗2024-01-17

▶

CVEList

CVE-2023-20260: A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, loca↗2024-01-17

▶

GHSA

XWiki Platform vulnerable to code injection from account/view through VFS Tree macro↗2023-04-20

▶

📋Vendor Advisories

Cisco

Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities↗2024-01-10

▶