CVE-2023-20013
CVSS 3.1 Score 9.1 of 10 (high)
Details
Summary
CVE-2023-20013 refers to a set of vulnerabilities in Cisco Intersight Private Virtual Appliance. These issues allow authenticated, remote attackers to execute arbitrary commands with root-level privileges. The vulnerabilities stem from insufficient input validation during the extraction of uploaded software packages. For an attack to be successful, the adversary must first gain Administrator privileges on the targeted device. Exploiting these vulnerabilities could enable the attacker to run commands on the underlying operating system with ultimate system access.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.