CVE-2023-20260

A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*

History

21 Nov 2024, 07:41

Type Values Removed Values Added
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory
CVSS v2 : unknown
v3 : 6.7
v2 : unknown
v3 : 6.0

24 Jan 2024, 18:41

Type Values Removed Values Added
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq - Vendor Advisory
First Time Cisco prime Infrastructure
Cisco
Cisco evolved Programmable Network Manager
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.7
CWE CWE-88
CPE cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*
cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*

17 Jan 2024, 17:35

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-17 17:15

Updated : 2024-11-21 07:41


NVD link : CVE-2023-20260

Mitre link : CVE-2023-20260

CVE.ORG link : CVE-2023-20260


JSON object : View

Products Affected

cisco

  • prime_infrastructure
  • evolved_programmable_network_manager
CWE
CWE-284

Improper Access Control

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')