CVE-2023-20023 MEDIUM

CVE-2023-20023: Cisco Identity Services Engine Privilege Escalation Vulnerabilities

Vendor Cisco

Product Cisco Identity Services Engine Software

Weakness CWE-78

Published April 5, 2023

Last update October 28, 2024

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Key dates

02Disclosure timeline

April 5, 2023 CVE published

October 28, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-20023 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2023-20023

CWE CWE-78

CVSS 6.0 / MEDIUM

Affected versions