CVE-2023-20260

CVE Database · CVE-2023-20260

CVE-2023-20260

· MEDIUMModified

CVSS v3.1

6.0

EPSS

0.18%

Published

Jan 17, 2024

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Weaknesses (CWE)

CWE-284CWE-88

Affected Products (4)

cisco · evolved_programmable_network_manager (up to 7.1.1)vulnerable

cisco · prime_infrastructure (up to 3.10.4)vulnerable

cisco · prime_infrastructurevulnerable

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs