CVE-2023-20013

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Aug 16, 2023
Updated: Jan 25, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2023-20013 refers to a set of vulnerabilities in Cisco Intersight Private Virtual Appliance. These issues allow authenticated, remote attackers to execute arbitrary commands with root-level privileges. The vulnerabilities stem from insufficient input validation during the extraction of uploaded software packages. For an attack to be successful, the adversary must first gain Administrator privileges on the targeted device. Exploiting these vulnerabilities could enable the attacker to run commands on the underlying operating system with ultimate system access.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share