A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 07:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.0 |
24 Jan 2024, 18:41
Type | Values Removed | Values Added |
---|---|---|
References | () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory | |
First Time |
Cisco prime Infrastructure
Cisco Cisco evolved Programmable Network Manager |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
CWE | CWE-88 | |
CPE | cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:* cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* |
17 Jan 2024, 17:35
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-17 17:15
Updated : 2024-11-21 07:41
NVD link : CVE-2023-20260
Mitre link : CVE-2023-20260
CVE.ORG link : CVE-2023-20260
JSON object : View
Products Affected
cisco
- prime_infrastructure
- evolved_programmable_network_manager