CVE-2023-20224

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Aug 16, 2023

Updated: Jan 25, 2024

CWE ID 88

CWE ID 284

Summary

CVE-2023-20224 is a recently disclosed vulnerability affecting the Command Line Interface (CLI) of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type. An authenticated, local attacker can leverage this flaw to elevate privileges to root on impacted devices. This vulnerability arises from insufficient input validation of user-supplied CLI arguments, enabling an attacker to craft commands to execute arbitrary root-level actions. Successful exploitation requires the attacker to have valid credentials on the targeted device.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sXZcO3
https://www.cve.org/CVERecord?id=CVE-2023-20224
https://nvd.nist.gov/vuln/detail/CVE-2023-20224

Back to Vulnerability Database

CVE-2023-20224

CVSS 3.1 Score 7.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations