VDB

CVE-2023-20217

CVE-2023-20217 PUBLISHED CVSS 5.5 MEDIUM

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device.

EPSS 0.05% · 17.6th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.05%
17.6th percentile

Affected Products

VendorProductVersions
ciscothousandeyes_enterprise_agent0
ciscothousandeyes_recorder
CiscoCisco ThousandEyes Recorder Application*

Exploit Intelligence

Timeline

  • Aug 16, 2023 CVE Published
  • Aug 18, 2023 EPSS Score
  • Aug 20, 2023 PoC Published
  • Sep 20, 2023 EPSS Score
  • Oct 24, 2023 EPSS Score
  • Nov 26, 2023 EPSS Score
  • Dec 29, 2023 EPSS Score
  • Feb 1, 2024 EPSS Score
  • Mar 5, 2024 EPSS Score
  • Apr 7, 2024 EPSS Score
  • May 10, 2024 EPSS Score
  • Jun 13, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›