Vulnerability-Lookup

CVE-2023-20175 (GCVE-0-2023-20175)

Vulnerability from cvelistv5 – Published: 2023-11-01 17:13 – Updated: 2025-12-16 18:23

Summary

A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

cisco

References

URL

	Vendor	Product	Version
	Cisco	Cisco Identity Services Engine Software	Affected: 2.6.0 Affected: 2.6.0 p1 Affected: 2.6.0 p2 Affected: 2.6.0 p3 Affected: 2.6.0 p5 Affected: 2.6.0 p6 Affected: 2.6.0 p7 Affected: 2.6.0 p8 Affected: 2.6.0 p9 Affected: 2.6.0 p10 Affected: 2.6.0 p11 Affected: 2.6.0 p12 Affected: 2.7.0 Affected: 2.7.0 p1 Affected: 2.7.0 p2 Affected: 2.7.0 p3 Affected: 2.7.0 p4 Affected: 2.7.0 p5 Affected: 2.7.0 p6 Affected: 2.7.0 p7 Affected: 2.7.0 p9 Affected: 3.0.0 Affected: 3.0.0 p1 Affected: 3.0.0 p2 Affected: 3.0.0 p3 Affected: 3.0.0 p4 Affected: 3.0.0 p5 Affected: 3.0.0 p6 Affected: 3.0.0 p7 Affected: 3.1.0 Affected: 3.1.0 p1 Affected: 3.1.0 p3 Affected: 3.1.0 p4 Affected: 3.1.0 p5 Affected: 3.2.0

CVE-2023-20175

Vulnerability from fstec - Published: 01.11.2023

Title

Уязвимость интерфейса командной строки платформы управления политиками соединений Cisco Identity Services Engine (ISE), позволяющая нарушителю повысить свои привилегии

Description

Уязвимость интерфейса командной строки платформы управления политиками соединений Cisco Identity Services Engine (ISE) связана с непринятием мер по нейтрализации специальных элементов. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco Identity Services Engine

Software Version

до 2.7Р10 (Cisco Identity Services Engine), от 3.0 до 3.0Р8 (Cisco Identity Services Engine), от 3.1 до 3.1Р6 (Cisco Identity Services Engine), от 3.2 до 3.2Р1 (Cisco Identity Services Engine)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 2.7\u042010 (Cisco Identity Services Engine), \u043e\u0442 3.0 \u0434\u043e 3.0\u04208 (Cisco Identity Services Engine), \u043e\u0442 3.1 \u0434\u043e 3.1\u04206 (Cisco Identity Services Engine), \u043e\u0442 3.2 \u0434\u043e 3.2\u04201 (Cisco Identity Services Engine)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.02.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.02.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-01404",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-20175",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Identity Services Engine",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 Cisco Identity Services Engine (ISE), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0430\u043c\u0438 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439 Cisco Identity Services Engine (ISE) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

CERTFR-2023-AVI-0906

Vulnerability from certfr_avis - Published: 2023-11-02 - Updated: 2023-11-02

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Dans le bulletin de sécurité Cisco cisco-sa-ftd-intrusion-dos-DfT7wyGC du 01 novembre 2023, Cisco fournit des indicateurs de compromission pour vérifier si la vulnérabilité CVE-2023-20244 a été exploitée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	Adaptive Security Appliance	Cisco Adaptive Security Appliance (ASA), se référer au site de l'éditeur pour vérifier les versions vulnérables (cf. section Documentation)
Cisco	Identity Services Engine	Cisco Identity Services Engine (ISE) versions antérieures à 2.7P10
Cisco	Identity Services Engine	Cisco Identity Services Engine (ISE) versions 3.1.x antérieures à 3.1P8 (annoncée courant novembre 2023, la vulnérabilité CVE-2023-20213 est corrigée dans la version 3.1P6)
Cisco	Identity Services Engine	Cisco Identity Services Engine (ISE) versions 3.2.x antérieures à 3.2P3
Cisco	Firepower Threat Defense	Cisco Firepower Threat Defense (FTD), se référer au site de l'éditeur pour vérifier les versions vulnérables (cf. section Documentation)
Cisco	N/A	Cisco Firepower Management Center (FMC), se référer au site de l'éditeur pour vérifier les versions vulnérables (cf. section Documentation)
Cisco	Identity Services Engine	Cisco Identity Services Engine (ISE) versions 3.0.x antérieures à 3.0P8

References

Title

Publication Time

FKIE_CVE-2023-20175

Vulnerability from fkie_nvd - Published: 2023-11-01 18:15 - Updated: 2024-11-21 07:40

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.6.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	2.7.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.0.0
cisco	identity_services_engine	3.1
cisco	identity_services_engine	3.1
cisco	identity_services_engine	3.1
cisco	identity_services_engine	3.1
cisco	identity_services_engine	3.1
cisco	identity_services_engine	3.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "1F6D1780-3306-4481-A3CD-8F7732D955CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch10:*:*:*:*:*:*",
              "matchCriteriaId": "00756651-F667-4E4A-8024-3EAF003A9B92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch11:*:*:*:*:*:*",
              "matchCriteriaId": "57E9CE5A-219F-4702-9E8A-074ED35BD252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "07BF9702-0607-49A1-A82A-E4ADF1A4135F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "11AA4EC0-6F3C-45A9-9AA4-0D81876F44B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "9A80C77E-EEA3-440F-B3EA-08468756D3E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "1B4B88F0-3229-4B07-9308-C37C794595A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "E02F0E61-FBFF-4C6D-9132-E266FF67802B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "541EC483-540A-4080-AA69-82A0F30EE3D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*",
              "matchCriteriaId": "66CAFE97-295F-48F7-A92C-A90D3B837483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*",
              "matchCriteriaId": "68E172B4-867E-4413-9D45-F04B52270D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "1F22FABF-2831-4895-B0A9-283B98398F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "B83D0F20-5A43-4583-AFAF-CD9D20352437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "5ADE32BD-C500-47D8-86D6-B08F55F1BBDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "22F23314-96BE-42F6-AE07-CC13F8856029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "76265489-E5DC-46F1-9475-2FDFCEE32CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "9517A1B4-45BA-44DD-9122-C86BF9075EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "1BC35A24-68DB-43C5-A817-9B35018F5990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch8:*:*:*:*:*:*",
              "matchCriteriaId": "DC94625A-6ED0-439B-A2DA-15A49B2FED93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch9:*:*:*:*:*:*",
              "matchCriteriaId": "2392609B-AFEA-4BBD-99FA-E90AD4C2AE8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*",
              "matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "2B3A267A-5FEA-426D-903E-BD3F4F94A1A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "B1B3207B-1B9C-41AA-8EF6-8478458462E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*",
              "matchCriteriaId": "C5B9E7F3-B0F2-4A6A-B939-A62E9B12CCEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*",
              "matchCriteriaId": "EF4C5A58-D0AE-48D6-9757-18C1D5BE5070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
              "matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
              "matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
              "matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
              "matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
              "matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en un comando espec\u00edfico de Cisco ISE CLI podr\u00eda permitir que un atacante local autenticado realice ataques de inyecci\u00f3n de comandos en el sistema operativo subyacente y eleve los privilegios a root. Para aprovechar esta vulnerabilidad, un atacante debe tener privilegios v\u00e1lidos de nivel de solo lectura o superior en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un comando CLI manipulado. Un exploit exitoso podr\u00eda permitir al atacante elevar los privilegios a root."
    }
  ],
  "id": "CVE-2023-20175",
  "lastModified": "2024-11-21T07:40:44.887",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-01T18:15:09.330",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2023-20175

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-20175

Aliases

CVE-2023-20175

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-20175",
    "id": "GSD-2023-20175"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-20175"
      ],
      "details": "A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.",
      "id": "GSD-2023-20175",
      "modified": "2023-12-13T01:20:28.568245Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2023-20175",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Identity Services Engine Software",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p7"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p8"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p9"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p10"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p11"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.6.0 p12"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p7"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "2.7.0 p9"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0 p1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0 p2"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0 p3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0 p4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0 p5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0 p6"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.0.0 p7"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.1.0"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.1.0 p1"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.1.0 p3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.1.0 p4"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.1.0 p5"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "3.2.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root."
          }
        ]
      },
      "exploit": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-78",
                "lang": "eng",
                "value": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw",
            "refsource": "MISC",
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-ise-injection-QeXegrCw",
        "defects": [
          "CSCwd07353"
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*",
                    "matchCriteriaId": "1F6D1780-3306-4481-A3CD-8F7732D955CC",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch10:*:*:*:*:*:*",
                    "matchCriteriaId": "00756651-F667-4E4A-8024-3EAF003A9B92",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch11:*:*:*:*:*:*",
                    "matchCriteriaId": "57E9CE5A-219F-4702-9E8A-074ED35BD252",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*",
                    "matchCriteriaId": "07BF9702-0607-49A1-A82A-E4ADF1A4135F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*",
                    "matchCriteriaId": "11AA4EC0-6F3C-45A9-9AA4-0D81876F44B5",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch4:*:*:*:*:*:*",
                    "matchCriteriaId": "9A80C77E-EEA3-440F-B3EA-08468756D3E2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*",
                    "matchCriteriaId": "1B4B88F0-3229-4B07-9308-C37C794595A0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*",
                    "matchCriteriaId": "E02F0E61-FBFF-4C6D-9132-E266FF67802B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*",
                    "matchCriteriaId": "541EC483-540A-4080-AA69-82A0F30EE3D6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*",
                    "matchCriteriaId": "66CAFE97-295F-48F7-A92C-A90D3B837483",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*",
                    "matchCriteriaId": "68E172B4-867E-4413-9D45-F04B52270D41",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "1F22FABF-2831-4895-B0A9-283B98398F43",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*",
                    "matchCriteriaId": "B83D0F20-5A43-4583-AFAF-CD9D20352437",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*",
                    "matchCriteriaId": "2887A2C0-BADA-41D3-AA6A-F10BC58AA7F9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*",
                    "matchCriteriaId": "5ADE32BD-C500-47D8-86D6-B08F55F1BBDF",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*",
                    "matchCriteriaId": "22F23314-96BE-42F6-AE07-CC13F8856029",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*",
                    "matchCriteriaId": "76265489-E5DC-46F1-9475-2FDFCEE32CF4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*",
                    "matchCriteriaId": "9517A1B4-45BA-44DD-9122-C86BF9075EFE",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*",
                    "matchCriteriaId": "1BC35A24-68DB-43C5-A817-9B35018F5990",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch8:*:*:*:*:*:*",
                    "matchCriteriaId": "DC94625A-6ED0-439B-A2DA-15A49B2FED93",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch9:*:*:*:*:*:*",
                    "matchCriteriaId": "2392609B-AFEA-4BBD-99FA-E90AD4C2AE8F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*",
                    "matchCriteriaId": "A1063044-BCD7-487F-9880-141C30547E36",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*",
                    "matchCriteriaId": "DA42E65A-7207-48B8-BE1B-0B352201BC09",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*",
                    "matchCriteriaId": "75DDAF38-4D5F-4EE4-A428-68D28FC0DA96",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*",
                    "matchCriteriaId": "C5FB6AA6-F8C9-48A6-BDDA-1D25C43564EB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*",
                    "matchCriteriaId": "2B3A267A-5FEA-426D-903E-BD3F4F94A1A4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*",
                    "matchCriteriaId": "B1B3207B-1B9C-41AA-8EF6-8478458462E7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*",
                    "matchCriteriaId": "C5B9E7F3-B0F2-4A6A-B939-A62E9B12CCEB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*",
                    "matchCriteriaId": "EF4C5A58-D0AE-48D6-9757-18C1D5BE5070",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*",
                    "matchCriteriaId": "C4DB9726-532F-45CE-81FD-45F2F6C7CE51",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*",
                    "matchCriteriaId": "2E8F0066-0EC0-41FD-80BE-55C4ED5F6B0E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*",
                    "matchCriteriaId": "5D1765DB-1BEF-4CE9-8B86-B91F709600EB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*",
                    "matchCriteriaId": "3D1E80EF-C3FD-4F7A-B63D-0EAA5C878B11",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*",
                    "matchCriteriaId": "095F27EC-5713-4D4F-AD06-57D3DF068B90",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*",
                    "matchCriteriaId": "36722B6C-64A5-4D00-94E1-442878C37A35",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root."
          },
          {
            "lang": "es",
            "value": "Una vulnerabilidad en un comando espec\u00edfico de Cisco ISE CLI podr\u00eda permitir que un atacante local autenticado realice ataques de inyecci\u00f3n de comandos en el sistema operativo subyacente y eleve los privilegios a root. Para aprovechar esta vulnerabilidad, un atacante debe tener privilegios v\u00e1lidos de nivel de solo lectura o superior en el dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un comando CLI manipulado. Un exploit exitoso podr\u00eda permitir al atacante elevar los privilegios a root."
          }
        ],
        "id": "CVE-2023-20175",
        "lastModified": "2024-02-01T18:06:40.530",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.0,
              "impactScore": 6.0,
              "source": "nvd@nist.gov",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.0,
              "impactScore": 6.0,
              "source": "ykramarz@cisco.com",
              "type": "Secondary"
            }
          ]
        },
        "published": "2023-11-01T18:15:09.330",
        "references": [
          {
            "source": "ykramarz@cisco.com",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw"
          }
        ],
        "sourceIdentifier": "ykramarz@cisco.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-78"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-78"
              }
            ],
            "source": "ykramarz@cisco.com",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

GHSA-333G-4P9H-PGJV

Vulnerability from github – Published: 2023-11-01 18:30 – Updated: 2023-11-01 18:30

Details

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-20175"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-01T18:15:09Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.",
  "id": "GHSA-333g-4p9h-pgjv",
  "modified": "2023-11-01T18:30:33Z",
  "published": "2023-11-01T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20175"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-20175 (GCVE-0-2023-20175)

CVE-2023-20175

CERTFR-2023-AVI-0906

Solution

FKIE_CVE-2023-20175

GSD-2023-20175

GHSA-333G-4P9H-PGJV

Tags

Sightings

Nomenclature