CVE-2023-20260

{"id": "CVE-2023-20260", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 0.8}]}, "published": "2024-01-17T17:15:10.323", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-88"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system."}, {"lang": "es", "value": "Una vulnerabilidad en la CLI de la aplicaci\u00f3n de Cisco Prime Infrastructure y Cisco Evolved Programmable Network Manager podr\u00eda permitir que un atacante local autenticado obtenga privilegios aumentados. Esta vulnerabilidad se debe al procesamiento inadecuado de los argumentos de la l\u00ednea de comando en los scripts de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad emitiendo un comando en la CLI con opciones maliciosas. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener privilegios aumentados del usuario root en el sistema operativo subyacente."}], "lastModified": "2024-02-02T16:15:46.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40", "versionEndExcluding": "7.1.1"}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F", "versionEndExcluding": "3.10.4"}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E76E81B-A235-4A19-AAE4-319CB7840673"}, {"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "774C7557-0D83-40A9-815C-4E32419A3B6F"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}