2 matches found
CVE-2023-20013
CVE-2023-20013 relates to multiple command-injection vulnerabilities in Cisco Intersight Private Virtual Appliance. The underlying issue is insufficient input validation when extracting uploaded software packages, which allows an authenticated attacker with Administrator privileges to upload a cr...
CVE-2023-20017
CVE-2023-20017 affects Cisco Intersight Private Virtual Appliance. The root cause is insufficient input validation when extracting uploaded software packages, enabling an authenticated administrator to upload a crafted package and execute arbitrary commands on the underlying OS with root privileg...