Lucene search

[email protected]NVD:CVE-2023-20210

HistoryJul 12, 2023 - 2:15 p.m.

CVE-2023-20210

2023-07-1214:15:09

CWE-250

[email protected]

web.nvd.nist.gov

cisco broadworks

privilege escalation

input validation

operating system

cli

crafted command

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.

The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.

Affected configurations

NVD

Node

ciscobroadworks_application_delivery_platform_firmwareMatch23.0

ciscobroadworks_application_delivery_platform_firmwareMatch24.0

ciscobroadworks_application_delivery_platform_firmwareMatch25.0

AND

ciscobroadworks_application_delivery_platformMatch-

Node

ciscobroadworks_application_server_firmwareMatch23.0

ciscobroadworks_application_server_firmwareMatch24.0

ciscobroadworks_application_server_firmwareMatch25.0

AND

ciscobroadworks_application_serverMatch-

Node

ciscobroadworks_database_server_firmwareMatch23.0

ciscobroadworks_database_server_firmwareMatch24.0

ciscobroadworks_database_server_firmwareMatch25.0

AND

ciscobroadworks_database_serverMatch-

Node

ciscobroadworks_database_troubleshooting_server_firmwareMatch23.0

ciscobroadworks_database_troubleshooting_server_firmwareMatch24.0

ciscobroadworks_database_troubleshooting_server_firmwareMatch25.0

AND

ciscobroadworks_database_troubleshooting_serverMatch-

Node

ciscobroadworks_execution_server_firmwareMatch23.0

ciscobroadworks_execution_server_firmwareMatch24.0

ciscobroadworks_execution_server_firmwareMatch25.0

AND

ciscobroadworks_execution_serverMatch-

Node

ciscobroadworks_media_server_firmwareMatch23.0

ciscobroadworks_media_server_firmwareMatch24.0

ciscobroadworks_media_server_firmwareMatch25.0

AND

ciscobroadworks_media_serverMatch-

Node

ciscobroadworks_messaging_server_firmwareMatch23.0

ciscobroadworks_messaging_server_firmwareMatch24.0

ciscobroadworks_messaging_server_firmwareMatch25.0

AND

ciscobroadworks_messaging_serverMatch-

Node

ciscobroadworks_network_database_server_firmwareMatch23.0

ciscobroadworks_network_database_server_firmwareMatch24.0

ciscobroadworks_network_database_server_firmwareMatch25.0

AND

ciscobroadworks_network_database_serverMatch-

Node

ciscobroadworks_network_function_manager_firmwareMatch23.0

ciscobroadworks_network_function_manager_firmwareMatch24.0

ciscobroadworks_network_function_manager_firmwareMatch25.0

AND

ciscobroadworks_network_function_managerMatch-

Node

ciscobroadworks_network_server_firmwareMatch23.0

ciscobroadworks_network_server_firmwareMatch24.0

ciscobroadworks_network_server_firmwareMatch25.0

AND

ciscobroadworks_network_serverMatch-

Node

ciscobroadworks_profile_server_firmwareMatch23.0

ciscobroadworks_profile_server_firmwareMatch24.0

ciscobroadworks_profile_server_firmwareMatch25.0

AND

ciscobroadworks_profile_serverMatch-

Node

ciscobroadworks_service_control_function_server_firmwareMatch23.0

ciscobroadworks_service_control_function_server_firmwareMatch24.0

ciscobroadworks_service_control_function_server_firmwareMatch25.0

AND

ciscobroadworks_service_control_function_serverMatch-

Node

ciscobroadworks_sharing_server_firmwareMatch23.0

ciscobroadworks_sharing_server_firmwareMatch24.0

ciscobroadworks_sharing_server_firmwareMatch25.0

AND

ciscobroadworks_sharing_serverMatch-

Node

ciscobroadworks_video_server_firmwareMatch23.0

ciscobroadworks_video_server_firmwareMatch24.0

ciscobroadworks_video_server_firmwareMatch25.0

AND

ciscobroadworks_video_serverMatch-

Node

ciscobroadworks_webrtc_server_firmwareMatch23.0

ciscobroadworks_webrtc_server_firmwareMatch24.0

ciscobroadworks_webrtc_server_firmwareMatch25.0

AND

ciscobroadworks_webrtc_serverMatch-

Node

ciscobroadworks_xtended_services_platform_firmwareMatch23.0

ciscobroadworks_xtended_services_platform_firmwareMatch24.0

ciscobroadworks_xtended_services_platform_firmwareMatch25.0

AND

ciscobroadworks_xtended_services_platformMatch-

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-20210

cvelist1 cve1 prion1 cisco1