CVE-2023-20210
PUBLISHED
CVSS 6 MEDIUM
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
EPSS 0.03% · 7.3th percentile
Risk Scores
- CVSS 3.1: 6 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N)
- EPSS Score: 0.03% (7.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | broadworks_webrtc_server_firmware | 24.0, 23.0, 25.0 |
| cisco | broadworks_application_delivery_platform_firmware | 25.0, 23.0, 24.0 |
| cisco | broadworks_sharing_server_firmware | 23.0, 24.0, 25.0 |
| cisco | broadworks_xtended_services_platform_firmware | 25.0, 23.0, 24.0 |
| cisco | broadworks_profile_server_firmware | 23.0, 24.0, 25.0 |
| cisco | broadworks_network_server_firmware | 24.0, 23.0, 25.0 |
| cisco | broadworks_service_control_function_server_firmware | 24.0, 23.0, 25.0 |
| cisco | broadworks_network_function_manager_firmware | 24.0, 23.0, 25.0 |
| cisco | broadworks_database_troubleshooting_server_firmware | 24.0, 23.0, 25.0 |
| cisco | broadworks_video_server_firmware | 25.0, 24.0, 23.0 |
| cisco | broadworks_messaging_server_firmware | 23.0, 25.0, 24.0 |
| cisco | broadworks_media_server_firmware | 25.0, 23.0, 24.0 |
| cisco | broadworks_execution_server_firmware | 24.0, 23.0, 25.0 |
| cisco | broadworks_application_server_firmware | 25.0, 23.0, 24.0 |
| cisco | broadworks_database_server_firmware | 25.0, 23.0, 24.0 |
| cisco | broadworks_network_database_server_firmware | 25.0, 23.0, 24.0 |
| Cisco | Cisco BroadWorks | |
Exploit Intelligence
- CIRCL seen: CVE-2023-20210 (circl-sighting)
- cisco-sa-bw-privesc-yw4ekrXW (circl)
Timeline
- Jul 12, 2023 CVE Published
- Jul 13, 2023 EPSS Score
- Aug 17, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Nov 28, 2023 EPSS Score
- Jan 2, 2024 EPSS Score
- Feb 5, 2024 EPSS Score
- Mar 11, 2024 EPSS Score
- Apr 14, 2024 EPSS Score
- May 19, 2024 EPSS Score
- Jun 23, 2024 EPSS Score