Lucene search

[email protected]NVD:CVE-2023-20260

HistoryJan 17, 2024 - 5:15 p.m.

CVE-2023-20260

2024-01-1717:15:10

CWE-284

CWE-88

[email protected]

web.nvd.nist.gov

cisco

prime infrastructure

evolved programmable network manager

vulnerability

local attacker

escalated privileges

command line

exploit

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.

Affected configurations

NVD

Node

ciscoevolved_programmable_network_managerRange<7.1.1

ciscoprime_infrastructureRange<3.10.4

ciscoprime_infrastructureMatch3.10.4-

ciscoprime_infrastructureMatch3.10.4update_1

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-20260

prion1 cvelist1 cve1 nessus2 cisco1