CVE-2023-20237 MEDIUM

CVE-2023-20237

Vendor Cisco
Product Cisco Intersight Virtual Appliance
Weakness CWE-284
Published August 16, 2023
Last update August 2, 2024
View on NVD All CVEs

CVSS base score

4.3/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.

Key dates

02Disclosure timeline

August 16, 2023 CVE published
August 2, 2024 Record updated