CVE-2023-20175

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 1, 2023

Updated: Feb 1, 2024

CWE ID 78

Summary

CVE-2023-20175 is a vulnerability affecting a specific Cisco ISE CLI command. An authenticated, local attacker with Read-only-level privileges or higher can exploit this issue by submitting a crafted command, leading to command injection attacks on the underlying operating system. Successful exploitation could result in privilege escalation to root level access. This vulnerability stems from insufficient validation of user-supplied input.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cisco Identity Services Engine

Affected Vendors

Cisco Systems Inc

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tO-Fkt
https://www.cve.org/CVERecord?id=CVE-2023-20175
https://nvd.nist.gov/vuln/detail/CVE-2023-20175

Back to Vulnerability Database