CVE-2023-20217

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Aug 16, 2023
Updated: Jan 25, 2024
CWE ID 250

Summary

CVE-2023-20217 is a recently disclosed vulnerability affecting the CLI of Cisco ThousandEyes Enterprise Agent, specifically the Virtual Appliance installation type. This issue grants authenticated, local attackers the ability to elevate privileges on susceptible devices. The cause of this vulnerability stems from insufficient input validation implemented in the operating system CLI. Malicious users may leverage this flaw by employing sudo with specific commands, potentially granting them access to view arbitrary files with root permissions on the underlying OS. To exploit the vulnerability, an attacker must possess legitimate credentials for the affected device.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share