CVE-2023-20013

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:cisco:intersight_private_virtual_appliance:1.0.9:*:*:*:*:*:*:*

History

21 Nov 2024, 07:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.1
v2 : unknown
v3 : 6.5
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy - Vendor Advisory () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy - Vendor Advisory

23 Aug 2023, 20:50

Type Values Removed Values Added
First Time Cisco intersight Private Virtual Appliance
Cisco
CPE cpe:2.3:a:cisco:intersight_private_virtual_appliance:1.0.9:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-77
References (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy - (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy - Vendor Advisory

16 Aug 2023, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-16 22:15

Updated : 2024-11-21 07:40


NVD link : CVE-2023-20013

Mitre link : CVE-2023-20013

CVE.ORG link : CVE-2023-20013


JSON object : View

Products Affected

cisco

  • intersight_private_virtual_appliance
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')