CVE-2023-20036
CVSS 3.1 Score 9.9 of 10 (high)
Details
Published Nov 15, 2024
CWE ID 78
Summary
CVE-2023-20036 is a vulnerability in the web UI of Cisco Industrial Network Director (IND). It allows authenticated, remote attackers to execute arbitrary commands with administrative privileges on the underlying operating system of affected devices. This issue arises due to improper input validation during Device Pack uploads. An attacker can manipulate the upload request, leading to potential command execution as NT AUTHORITY\SYSTEM. No workarounds are available, and Cisco has released software updates to address this vulnerability.