CVE-2023-20013 — Vulnetix

CVE-2023-20013 PUBLISHED CVSS 6.5 MEDIUM

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

EPSS 0.11% · 28.4th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.11%

28.4th percentile

Affected Products

Vendor	Product	Versions
cisco	intersight_private_virtual_appliance	1.0.9
Cisco	Cisco Intersight Virtual Appliance	1.0.9-113, 1.0.9-148, 1.0.9-230

Exploit Intelligence

CIRCL seen: CVE-2023-20013 (circl-sighting)
cisco-sa-ivpa-cmdinj-C5XRbbOy (circl)

Timeline

Aug 16, 2023 CVE Published
Aug 18, 2023 EPSS Score
Sep 20, 2023 EPSS Score
Oct 24, 2023 EPSS Score
Nov 26, 2023 EPSS Score
Dec 29, 2023 EPSS Score
Feb 1, 2024 EPSS Score
Mar 5, 2024 EPSS Score
Apr 7, 2024 EPSS Score
May 10, 2024 EPSS Score
Jun 13, 2024 EPSS Score
Jul 16, 2024 EPSS Score

References

cisco-sa-ivpa-cmdinj-C5XRbbOy url
https://nvd.nist.gov/vuln/detail/CVE-2023-20013 advisory

Open in Interactive Console →