CVE-2023-20217
CVSS 3.1 Score 5.5 of 10 (medium)
Details
Summary
CVE-2023-20217 is a recently disclosed vulnerability affecting the CLI of Cisco ThousandEyes Enterprise Agent, specifically the Virtual Appliance installation type. This issue grants authenticated, local attackers the ability to elevate privileges on susceptible devices. The cause of this vulnerability stems from insufficient input validation implemented in the operating system CLI. Malicious users may leverage this flaw by employing sudo with specific commands, potentially granting them access to view arbitrary files with root permissions on the underlying OS. To exploit the vulnerability, an attacker must possess legitimate credentials for the affected device.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.