CVE-2023-20039

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 15, 2024
CWE ID 552

Summary

CVE-2023-20039 is a vulnerability affecting Cisco IND that allows authenticated, local attackers to read application data. This issue arises due to insufficient default file permissions on the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory, potentially resulting in the disclosure of sensitive information. Cisco has released software updates to address this vulnerability, and no workarounds are currently available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share