CVE-2023-20175

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20175
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch10:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch11:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch9:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
History

01 Feb 2024, 18:06

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8 		v2 : unknown
v3 : 8.8

09 Nov 2023, 19:16

Type Values Removed Values Added
CWE CWE-78
CPE cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch8:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch9:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch3:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch6:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch2:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch10:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch11:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:-:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch9:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.1:patch5:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.6.0:patch1:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.0.0:patch7:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch4:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:2.7.0:patch8:*:*:*:*:*:*
First Time Cisco
Cisco identity Services Engine
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
References (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw - (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-injection-QeXegrCw - Vendor Advisory

01 Nov 2023, 18:17

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-01 18:15

Updated : 2024-02-01 18:06

NVD link : CVE-2023-20175

Mitre link : CVE-2023-20175

CVE.ORG link : CVE-2023-20175

JSON object : View

Products Affected

cisco

  • identity_services_engine
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')