CVE-2023-20017
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.7%
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.
These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| cisco:intersight_private_virtual_appliance | cisco intersight private virtual appliance | eq | 1.0.9 |
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco Intersight Virtual Appliance",
"versions": [
{
"version": "1.0.9-113",
"status": "affected"
},
{
"version": "1.0.9-148",
"status": "affected"
},
{
"version": "1.0.9-230",
"status": "affected"
},
{
"version": "1.0.9-53",
"status": "affected"
},
{
"version": "1.0.9-7",
"status": "affected"
},
{
"version": "1.0.9-197",
"status": "affected"
},
{
"version": "1.0.9-170",
"status": "affected"
},
{
"version": "1.0.9-149",
"status": "affected"
},
{
"version": "1.0.9-278",
"status": "affected"
},
{
"version": "1.0.9-184",
"status": "affected"
},
{
"version": "1.0.9-232",
"status": "affected"
},
{
"version": "1.0.9-83",
"status": "affected"
},
{
"version": "1.0.9-90",
"status": "affected"
},
{
"version": "1.0.9-97",
"status": "affected"
},
{
"version": "1.0.9-125",
"status": "affected"
},
{
"version": "1.0.9-250",
"status": "affected"
},
{
"version": "1.0.9-77",
"status": "affected"
},
{
"version": "1.0.9-133",
"status": "affected"
},
{
"version": "1.0.9-67",
"status": "affected"
},
{
"version": "1.0.9-214",
"status": "affected"
},
{
"version": "1.0.9-103",
"status": "affected"
},
{
"version": "1.0.9-266",
"status": "affected"
},
{
"version": "1.0.9-13",
"status": "affected"
},
{
"version": "1.0.9-164",
"status": "affected"
},
{
"version": "1.0.9-292",
"status": "affected"
},
{
"version": "1.0.9-302",
"status": "affected"
},
{
"version": "1.0.9-319",
"status": "affected"
},
{
"version": "1.0.9-343",
"status": "affected"
},
{
"version": "1.0.9-360",
"status": "affected"
},
{
"version": "1.0.9-361",
"status": "affected"
},
{
"version": "1.0.9-378",
"status": "affected"
},
{
"version": "1.0.9-389",
"status": "affected"
},
{
"version": "1.0.9-402",
"status": "affected"
},
{
"version": "1.0.9-428",
"status": "affected"
},
{
"version": "1.0.9-442",
"status": "affected"
},
{
"version": "1.0.9-456",
"status": "affected"
}
]
}
]Related
9.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
28.7%