← Back

CVE-2023-20163

nvd nist
Published: May 18, 2023Modified: Nov 21, 2024

JSON object

Loading...
7.2
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD

Description

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected (17)

Cisco
1 product
Identity Services Engine
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Identity Services Engine
Up to 2.7
Identity Services Engine
Version 3.0.0
Identity Services Engine
Version 3.0.0 patch1
Identity Services Engine
Version 3.0.0 patch2
Identity Services Engine
Version 3.0.0 patch3
Identity Services Engine
Version 3.0.0 patch4
Identity Services Engine
Version 3.0.0 patch5
Identity Services Engine
Version 3.0.0 patch6
Identity Services Engine
Version 3.0.0 patch7
Identity Services Engine
Version 3.1
Identity Services Engine
Version 3.1 patch1
Identity Services Engine
Version 3.1 patch3
Identity Services Engine
Version 3.1 patch4
Identity Services Engine
Version 3.1 patch5
Identity Services Engine
Version 3.1 patch6
Identity Services Engine
Version 3.2
Identity Services Engine
Version 3.2 patch1

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.