CVE-2023-20036

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Nov 15, 2024
CWE ID 78

Summary

CVE-2023-20036 is a vulnerability in the web UI of Cisco Industrial Network Director (IND). It allows authenticated, remote attackers to execute arbitrary commands with administrative privileges on the underlying operating system of affected devices. This issue arises due to improper input validation during Device Pack uploads. An attacker can manipulate the upload request, leading to potential command execution as NT AUTHORITY\SYSTEM. No workarounds are available, and Cisco has released software updates to address this vulnerability.
