A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.
The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
Configuration 9 (hide)
| AND |
|
Configuration 10 (hide)
| AND |
|
Configuration 11 (hide)
| AND |
|
Configuration 12 (hide)
| AND |
|
Configuration 13 (hide)
| AND |
|
Configuration 14 (hide)
| AND |
|
Configuration 15 (hide)
| AND |
|
Configuration 16 (hide)
| AND |
|
History
21 Nov 2024, 07:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW - Vendor Advisory |
21 Jul 2023, 16:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW - Vendor Advisory | |
| CWE | NVD-CWE-noinfo | |
| CPE | cpe:2.3:h:cisco:broadworks_application_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_execution_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_application_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_database_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_messaging_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_media_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_database_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_execution_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_video_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_profile_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_sharing_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_profile_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_execution_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_network_function_manager:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_media_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_video_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_network_database_server:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_application_delivery_platform:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_sharing_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_video_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_sharing_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_media_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_webrtc_server:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_messaging_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_database_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_messaging_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_database_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_application_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_execution_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_media_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_database_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_sharing_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_database_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_service_control_function_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_video_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_network_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_messaging_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_database_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_server_firmware:24.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_application_server_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_profile_server_firmware:23.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_profile_server:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:25.0:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_database_troubleshooting_server:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:broadworks_xtended_services_platform:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.0 |
| First Time |
Cisco broadworks Execution Server
Cisco broadworks Database Troubleshooting Server Firmware Cisco broadworks Messaging Server Cisco broadworks Webrtc Server Firmware Cisco broadworks Database Server Firmware Cisco broadworks Xtended Services Platform Cisco broadworks Execution Server Firmware Cisco broadworks Application Server Firmware Cisco broadworks Application Delivery Platform Firmware Cisco broadworks Database Troubleshooting Server Cisco broadworks Profile Server Cisco broadworks Database Server Cisco broadworks Messaging Server Firmware Cisco broadworks Application Server Cisco broadworks Service Control Function Server Cisco broadworks Application Delivery Platform Cisco broadworks Network Function Manager Firmware Cisco broadworks Video Server Firmware Cisco broadworks Network Server Cisco broadworks Sharing Server Cisco broadworks Sharing Server Firmware Cisco Cisco broadworks Xtended Services Platform Firmware Cisco broadworks Video Server Cisco broadworks Network Database Server Cisco broadworks Network Server Firmware Cisco broadworks Media Server Firmware Cisco broadworks Service Control Function Server Firmware Cisco broadworks Network Function Manager Cisco broadworks Profile Server Firmware Cisco broadworks Media Server Cisco broadworks Webrtc Server Cisco broadworks Network Database Server Firmware |
12 Jul 2023, 15:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-07-12 14:15
Updated : 2024-11-21 07:40
NVD link : CVE-2023-20210
Mitre link : CVE-2023-20210
CVE.ORG link : CVE-2023-20210
JSON object : View
Products Affected
cisco
- broadworks_application_server
- broadworks_network_database_server
- broadworks_profile_server_firmware
- broadworks_webrtc_server_firmware
- broadworks_media_server
- broadworks_execution_server
- broadworks_database_troubleshooting_server
- broadworks_service_control_function_server
- broadworks_sharing_server
- broadworks_webrtc_server
- broadworks_service_control_function_server_firmware
- broadworks_messaging_server_firmware
- broadworks_network_function_manager_firmware
- broadworks_media_server_firmware
- broadworks_xtended_services_platform
- broadworks_video_server
- broadworks_execution_server_firmware
- broadworks_xtended_services_platform_firmware
- broadworks_network_server_firmware
- broadworks_database_server
- broadworks_database_troubleshooting_server_firmware
- broadworks_application_delivery_platform
- broadworks_network_server
- broadworks_network_function_manager
- broadworks_profile_server
- broadworks_application_delivery_platform_firmware
- broadworks_sharing_server_firmware
- broadworks_network_database_server_firmware
- broadworks_database_server_firmware
- broadworks_application_server_firmware
- broadworks_video_server_firmware
- broadworks_messaging_server
CWE