CVE-2023-20210

EPSS 0.02%
Veröffentlicht 12.07.2023 14:15:09
Zuletzt bearbeitet 21.11.2024 07:40:51
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.

 The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Broadworks Application Delivery Platform Firmware Version23.0

Cisco ≫ Broadworks Application Delivery Platform Version-

Cisco ≫ Broadworks Application Delivery Platform Firmware Version24.0

Cisco ≫ Broadworks Application Delivery Platform Version-

Cisco ≫ Broadworks Application Delivery Platform Firmware Version25.0

Cisco ≫ Broadworks Application Delivery Platform Version-

Cisco ≫ Broadworks Application Server Firmware Version23.0

Cisco ≫ Broadworks Application Server Version-

Cisco ≫ Broadworks Application Server Firmware Version24.0

Cisco ≫ Broadworks Application Server Version-

Cisco ≫ Broadworks Application Server Firmware Version25.0

Cisco ≫ Broadworks Application Server Version-

Cisco ≫ Broadworks Database Server Firmware Version23.0

Cisco ≫ Broadworks Database Server Version-

Cisco ≫ Broadworks Database Server Firmware Version24.0

Cisco ≫ Broadworks Database Server Version-

Cisco ≫ Broadworks Database Server Firmware Version25.0

Cisco ≫ Broadworks Database Server Version-

Cisco ≫ Broadworks Database Troubleshooting Server Firmware Version23.0

Cisco ≫ Broadworks Database Troubleshooting Server Version-

Cisco ≫ Broadworks Database Troubleshooting Server Firmware Version24.0

Cisco ≫ Broadworks Database Troubleshooting Server Version-

Cisco ≫ Broadworks Database Troubleshooting Server Firmware Version25.0

Cisco ≫ Broadworks Database Troubleshooting Server Version-

Cisco ≫ Broadworks Execution Server Firmware Version23.0

Cisco ≫ Broadworks Execution Server Version-

Cisco ≫ Broadworks Execution Server Firmware Version24.0

Cisco ≫ Broadworks Execution Server Version-

Cisco ≫ Broadworks Execution Server Firmware Version25.0

Cisco ≫ Broadworks Execution Server Version-

Cisco ≫ Broadworks Media Server Firmware Version23.0

Cisco ≫ Broadworks Media Server Version-

Cisco ≫ Broadworks Media Server Firmware Version24.0

Cisco ≫ Broadworks Media Server Version-

Cisco ≫ Broadworks Media Server Firmware Version25.0

Cisco ≫ Broadworks Media Server Version-

Cisco ≫ Broadworks Messaging Server Firmware Version23.0

Cisco ≫ Broadworks Messaging Server Version-

Cisco ≫ Broadworks Messaging Server Firmware Version24.0

Cisco ≫ Broadworks Messaging Server Version-

Cisco ≫ Broadworks Messaging Server Firmware Version25.0

Cisco ≫ Broadworks Messaging Server Version-

Cisco ≫ Broadworks Network Database Server Firmware Version23.0

Cisco ≫ Broadworks Network Database Server Version-

Cisco ≫ Broadworks Network Database Server Firmware Version24.0

Cisco ≫ Broadworks Network Database Server Version-

Cisco ≫ Broadworks Network Database Server Firmware Version25.0

Cisco ≫ Broadworks Network Database Server Version-

Cisco ≫ Broadworks Network Function Manager Firmware Version23.0

Cisco ≫ Broadworks Network Function Manager Version-

Cisco ≫ Broadworks Network Function Manager Firmware Version24.0

Cisco ≫ Broadworks Network Function Manager Version-

Cisco ≫ Broadworks Network Function Manager Firmware Version25.0

Cisco ≫ Broadworks Network Function Manager Version-

Cisco ≫ Broadworks Network Server Firmware Version23.0

Cisco ≫ Broadworks Network Server Version-

Cisco ≫ Broadworks Network Server Firmware Version24.0

Cisco ≫ Broadworks Network Server Version-

Cisco ≫ Broadworks Network Server Firmware Version25.0

Cisco ≫ Broadworks Network Server Version-

Cisco ≫ Broadworks Profile Server Firmware Version23.0

Cisco ≫ Broadworks Profile Server Version-

Cisco ≫ Broadworks Profile Server Firmware Version24.0

Cisco ≫ Broadworks Profile Server Version-

Cisco ≫ Broadworks Profile Server Firmware Version25.0

Cisco ≫ Broadworks Profile Server Version-

Cisco ≫ Broadworks Service Control Function Server Firmware Version23.0

Cisco ≫ Broadworks Service Control Function Server Version-

Cisco ≫ Broadworks Service Control Function Server Firmware Version24.0

Cisco ≫ Broadworks Service Control Function Server Version-

Cisco ≫ Broadworks Service Control Function Server Firmware Version25.0

Cisco ≫ Broadworks Service Control Function Server Version-

Cisco ≫ Broadworks Sharing Server Firmware Version23.0

Cisco ≫ Broadworks Sharing Server Version-

Cisco ≫ Broadworks Sharing Server Firmware Version24.0

Cisco ≫ Broadworks Sharing Server Version-

Cisco ≫ Broadworks Sharing Server Firmware Version25.0

Cisco ≫ Broadworks Sharing Server Version-

Cisco ≫ Broadworks Video Server Firmware Version23.0

Cisco ≫ Broadworks Video Server Version-

Cisco ≫ Broadworks Video Server Firmware Version24.0

Cisco ≫ Broadworks Video Server Version-

Cisco ≫ Broadworks Video Server Firmware Version25.0

Cisco ≫ Broadworks Video Server Version-

Cisco ≫ Broadworks Webrtc Server Firmware Version23.0

Cisco ≫ Broadworks Webrtc Server Version-

Cisco ≫ Broadworks Webrtc Server Firmware Version24.0

Cisco ≫ Broadworks Webrtc Server Version-

Cisco ≫ Broadworks Webrtc Server Firmware Version25.0

Cisco ≫ Broadworks Webrtc Server Version-

Cisco ≫ Broadworks Xtended Services Platform Firmware Version23.0

Cisco ≫ Broadworks Xtended Services Platform Version-

Cisco ≫ Broadworks Xtended Services Platform Firmware Version24.0

Cisco ≫ Broadworks Xtended Services Platform Version-

Cisco ≫ Broadworks Xtended Services Platform Firmware Version25.0

Cisco ≫ Broadworks Xtended Services Platform Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.031

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
psirt@cisco.com	6	0.8	5.2	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE-250 Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20210

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20210

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20210

EUVD