VDB
CVE-2023-20039
CVE-2023-20039
PUBLISHED
CVSS 5.5 MEDIUM
A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
EPSS 0.13% · 31.4th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.13%
31.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | industrial_network_director | 0 |
| Cisco | Cisco Industrial Network Director | 1.6.0, 1.7.0, 1.6.1 |
Exploit Intelligence
- cisco-sa-ind-CAeLFk6V (circl)
Timeline
- Apr 20, 2023 CVE Published
- Nov 16, 2024 EPSS Score
- Dec 5, 2024 EPSS Score
- Dec 22, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Feb 13, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 24, 2025 EPSS Score
- May 12, 2025 EPSS Score
References
- cisco-sa-ind-CAeLFk6V url
- https://nvd.nist.gov/vuln/detail/CVE-2023-20039 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ssh-privesc-BmWeJC3h advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-tcp-dos-KEdJCxLs advisory