Search criteria
6 vulnerabilities found for intersight_private_virtual_appliance by cisco
FKIE_CVE-2023-20017
Vulnerability from fkie_nvd - Published: 2023-08-16 22:15 - Updated: 2024-11-21 07:40
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.
These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | intersight_private_virtual_appliance | 1.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:intersight_private_virtual_appliance:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "031AB726-6056-4B54-8F11-8C1567AFC3A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
}
],
"id": "CVE-2023-20017",
"lastModified": "2024-11-21T07:40:21.120",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T22:15:10.353",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-20013
Vulnerability from fkie_nvd - Published: 2023-08-16 22:15 - Updated: 2024-11-21 07:40
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.
These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | intersight_private_virtual_appliance | 1.0.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:intersight_private_virtual_appliance:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "031AB726-6056-4B54-8F11-8C1567AFC3A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
}
],
"id": "CVE-2023-20013",
"lastModified": "2024-11-21T07:40:20.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T22:15:09.750",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-20013 (GCVE-0-2023-20013)
Vulnerability from cvelistv5 – Published: 2023-08-16 21:01 – Updated: 2024-11-21 21:41
VLAI?
Summary
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.
These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
Severity ?
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Intersight Virtual Appliance |
Affected:
1.0.9-113
Affected: 1.0.9-148 Affected: 1.0.9-230 Affected: 1.0.9-53 Affected: 1.0.9-7 Affected: 1.0.9-197 Affected: 1.0.9-170 Affected: 1.0.9-149 Affected: 1.0.9-278 Affected: 1.0.9-184 Affected: 1.0.9-232 Affected: 1.0.9-83 Affected: 1.0.9-90 Affected: 1.0.9-97 Affected: 1.0.9-125 Affected: 1.0.9-250 Affected: 1.0.9-77 Affected: 1.0.9-133 Affected: 1.0.9-67 Affected: 1.0.9-214 Affected: 1.0.9-103 Affected: 1.0.9-266 Affected: 1.0.9-13 Affected: 1.0.9-164 Affected: 1.0.9-292 Affected: 1.0.9-302 Affected: 1.0.9-319 Affected: 1.0.9-343 Affected: 1.0.9-360 Affected: 1.0.9-361 Affected: 1.0.9-378 Affected: 1.0.9-389 Affected: 1.0.9-402 Affected: 1.0.9-428 Affected: 1.0.9-442 Affected: 1.0.9-456 Affected: 1.0.9-503 Affected: 1.0.9-536 Affected: 1.0.9-538 Affected: 1.0.9-558 Affected: 1.0.9-561 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-30T15:25:03.100326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T21:41:55.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Intersight Virtual Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.9-113"
},
{
"status": "affected",
"version": "1.0.9-148"
},
{
"status": "affected",
"version": "1.0.9-230"
},
{
"status": "affected",
"version": "1.0.9-53"
},
{
"status": "affected",
"version": "1.0.9-7"
},
{
"status": "affected",
"version": "1.0.9-197"
},
{
"status": "affected",
"version": "1.0.9-170"
},
{
"status": "affected",
"version": "1.0.9-149"
},
{
"status": "affected",
"version": "1.0.9-278"
},
{
"status": "affected",
"version": "1.0.9-184"
},
{
"status": "affected",
"version": "1.0.9-232"
},
{
"status": "affected",
"version": "1.0.9-83"
},
{
"status": "affected",
"version": "1.0.9-90"
},
{
"status": "affected",
"version": "1.0.9-97"
},
{
"status": "affected",
"version": "1.0.9-125"
},
{
"status": "affected",
"version": "1.0.9-250"
},
{
"status": "affected",
"version": "1.0.9-77"
},
{
"status": "affected",
"version": "1.0.9-133"
},
{
"status": "affected",
"version": "1.0.9-67"
},
{
"status": "affected",
"version": "1.0.9-214"
},
{
"status": "affected",
"version": "1.0.9-103"
},
{
"status": "affected",
"version": "1.0.9-266"
},
{
"status": "affected",
"version": "1.0.9-13"
},
{
"status": "affected",
"version": "1.0.9-164"
},
{
"status": "affected",
"version": "1.0.9-292"
},
{
"status": "affected",
"version": "1.0.9-302"
},
{
"status": "affected",
"version": "1.0.9-319"
},
{
"status": "affected",
"version": "1.0.9-343"
},
{
"status": "affected",
"version": "1.0.9-360"
},
{
"status": "affected",
"version": "1.0.9-361"
},
{
"status": "affected",
"version": "1.0.9-378"
},
{
"status": "affected",
"version": "1.0.9-389"
},
{
"status": "affected",
"version": "1.0.9-402"
},
{
"status": "affected",
"version": "1.0.9-428"
},
{
"status": "affected",
"version": "1.0.9-442"
},
{
"status": "affected",
"version": "1.0.9-456"
},
{
"status": "affected",
"version": "1.0.9-503"
},
{
"status": "affected",
"version": "1.0.9-536"
},
{
"status": "affected",
"version": "1.0.9-538"
},
{
"status": "affected",
"version": "1.0.9-558"
},
{
"status": "affected",
"version": "1.0.9-561"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:30.936Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"source": {
"advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"defects": [
"CSCwc35159"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20013",
"datePublished": "2023-08-16T21:01:43.295Z",
"dateReserved": "2022-10-27T18:47:50.308Z",
"dateUpdated": "2024-11-21T21:41:55.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20017 (GCVE-0-2023-20017)
Vulnerability from cvelistv5 – Published: 2023-08-16 21:01 – Updated: 2024-08-02 08:57
VLAI?
Summary
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.
These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
Severity ?
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Intersight Virtual Appliance |
Affected:
1.0.9-113
Affected: 1.0.9-148 Affected: 1.0.9-230 Affected: 1.0.9-53 Affected: 1.0.9-7 Affected: 1.0.9-197 Affected: 1.0.9-170 Affected: 1.0.9-149 Affected: 1.0.9-278 Affected: 1.0.9-184 Affected: 1.0.9-232 Affected: 1.0.9-83 Affected: 1.0.9-90 Affected: 1.0.9-97 Affected: 1.0.9-125 Affected: 1.0.9-250 Affected: 1.0.9-77 Affected: 1.0.9-133 Affected: 1.0.9-67 Affected: 1.0.9-214 Affected: 1.0.9-103 Affected: 1.0.9-266 Affected: 1.0.9-13 Affected: 1.0.9-164 Affected: 1.0.9-292 Affected: 1.0.9-302 Affected: 1.0.9-319 Affected: 1.0.9-343 Affected: 1.0.9-360 Affected: 1.0.9-361 Affected: 1.0.9-378 Affected: 1.0.9-389 Affected: 1.0.9-402 Affected: 1.0.9-428 Affected: 1.0.9-442 Affected: 1.0.9-456 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Intersight Virtual Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.9-113"
},
{
"status": "affected",
"version": "1.0.9-148"
},
{
"status": "affected",
"version": "1.0.9-230"
},
{
"status": "affected",
"version": "1.0.9-53"
},
{
"status": "affected",
"version": "1.0.9-7"
},
{
"status": "affected",
"version": "1.0.9-197"
},
{
"status": "affected",
"version": "1.0.9-170"
},
{
"status": "affected",
"version": "1.0.9-149"
},
{
"status": "affected",
"version": "1.0.9-278"
},
{
"status": "affected",
"version": "1.0.9-184"
},
{
"status": "affected",
"version": "1.0.9-232"
},
{
"status": "affected",
"version": "1.0.9-83"
},
{
"status": "affected",
"version": "1.0.9-90"
},
{
"status": "affected",
"version": "1.0.9-97"
},
{
"status": "affected",
"version": "1.0.9-125"
},
{
"status": "affected",
"version": "1.0.9-250"
},
{
"status": "affected",
"version": "1.0.9-77"
},
{
"status": "affected",
"version": "1.0.9-133"
},
{
"status": "affected",
"version": "1.0.9-67"
},
{
"status": "affected",
"version": "1.0.9-214"
},
{
"status": "affected",
"version": "1.0.9-103"
},
{
"status": "affected",
"version": "1.0.9-266"
},
{
"status": "affected",
"version": "1.0.9-13"
},
{
"status": "affected",
"version": "1.0.9-164"
},
{
"status": "affected",
"version": "1.0.9-292"
},
{
"status": "affected",
"version": "1.0.9-302"
},
{
"status": "affected",
"version": "1.0.9-319"
},
{
"status": "affected",
"version": "1.0.9-343"
},
{
"status": "affected",
"version": "1.0.9-360"
},
{
"status": "affected",
"version": "1.0.9-361"
},
{
"status": "affected",
"version": "1.0.9-378"
},
{
"status": "affected",
"version": "1.0.9-389"
},
{
"status": "affected",
"version": "1.0.9-402"
},
{
"status": "affected",
"version": "1.0.9-428"
},
{
"status": "affected",
"version": "1.0.9-442"
},
{
"status": "affected",
"version": "1.0.9-456"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:31.634Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"source": {
"advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"defects": [
"CSCwc35166"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20017",
"datePublished": "2023-08-16T21:01:28.215Z",
"dateReserved": "2022-10-27T18:47:50.308Z",
"dateUpdated": "2024-08-02T08:57:35.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20013 (GCVE-0-2023-20013)
Vulnerability from nvd – Published: 2023-08-16 21:01 – Updated: 2024-11-21 21:41
VLAI?
Summary
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.
These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
Severity ?
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Intersight Virtual Appliance |
Affected:
1.0.9-113
Affected: 1.0.9-148 Affected: 1.0.9-230 Affected: 1.0.9-53 Affected: 1.0.9-7 Affected: 1.0.9-197 Affected: 1.0.9-170 Affected: 1.0.9-149 Affected: 1.0.9-278 Affected: 1.0.9-184 Affected: 1.0.9-232 Affected: 1.0.9-83 Affected: 1.0.9-90 Affected: 1.0.9-97 Affected: 1.0.9-125 Affected: 1.0.9-250 Affected: 1.0.9-77 Affected: 1.0.9-133 Affected: 1.0.9-67 Affected: 1.0.9-214 Affected: 1.0.9-103 Affected: 1.0.9-266 Affected: 1.0.9-13 Affected: 1.0.9-164 Affected: 1.0.9-292 Affected: 1.0.9-302 Affected: 1.0.9-319 Affected: 1.0.9-343 Affected: 1.0.9-360 Affected: 1.0.9-361 Affected: 1.0.9-378 Affected: 1.0.9-389 Affected: 1.0.9-402 Affected: 1.0.9-428 Affected: 1.0.9-442 Affected: 1.0.9-456 Affected: 1.0.9-503 Affected: 1.0.9-536 Affected: 1.0.9-538 Affected: 1.0.9-558 Affected: 1.0.9-561 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20013",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-30T15:25:03.100326Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T21:41:55.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Intersight Virtual Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.9-113"
},
{
"status": "affected",
"version": "1.0.9-148"
},
{
"status": "affected",
"version": "1.0.9-230"
},
{
"status": "affected",
"version": "1.0.9-53"
},
{
"status": "affected",
"version": "1.0.9-7"
},
{
"status": "affected",
"version": "1.0.9-197"
},
{
"status": "affected",
"version": "1.0.9-170"
},
{
"status": "affected",
"version": "1.0.9-149"
},
{
"status": "affected",
"version": "1.0.9-278"
},
{
"status": "affected",
"version": "1.0.9-184"
},
{
"status": "affected",
"version": "1.0.9-232"
},
{
"status": "affected",
"version": "1.0.9-83"
},
{
"status": "affected",
"version": "1.0.9-90"
},
{
"status": "affected",
"version": "1.0.9-97"
},
{
"status": "affected",
"version": "1.0.9-125"
},
{
"status": "affected",
"version": "1.0.9-250"
},
{
"status": "affected",
"version": "1.0.9-77"
},
{
"status": "affected",
"version": "1.0.9-133"
},
{
"status": "affected",
"version": "1.0.9-67"
},
{
"status": "affected",
"version": "1.0.9-214"
},
{
"status": "affected",
"version": "1.0.9-103"
},
{
"status": "affected",
"version": "1.0.9-266"
},
{
"status": "affected",
"version": "1.0.9-13"
},
{
"status": "affected",
"version": "1.0.9-164"
},
{
"status": "affected",
"version": "1.0.9-292"
},
{
"status": "affected",
"version": "1.0.9-302"
},
{
"status": "affected",
"version": "1.0.9-319"
},
{
"status": "affected",
"version": "1.0.9-343"
},
{
"status": "affected",
"version": "1.0.9-360"
},
{
"status": "affected",
"version": "1.0.9-361"
},
{
"status": "affected",
"version": "1.0.9-378"
},
{
"status": "affected",
"version": "1.0.9-389"
},
{
"status": "affected",
"version": "1.0.9-402"
},
{
"status": "affected",
"version": "1.0.9-428"
},
{
"status": "affected",
"version": "1.0.9-442"
},
{
"status": "affected",
"version": "1.0.9-456"
},
{
"status": "affected",
"version": "1.0.9-503"
},
{
"status": "affected",
"version": "1.0.9-536"
},
{
"status": "affected",
"version": "1.0.9-538"
},
{
"status": "affected",
"version": "1.0.9-558"
},
{
"status": "affected",
"version": "1.0.9-561"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:30.936Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"source": {
"advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"defects": [
"CSCwc35159"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20013",
"datePublished": "2023-08-16T21:01:43.295Z",
"dateReserved": "2022-10-27T18:47:50.308Z",
"dateUpdated": "2024-11-21T21:41:55.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20017 (GCVE-0-2023-20017)
Vulnerability from nvd – Published: 2023-08-16 21:01 – Updated: 2024-08-02 08:57
VLAI?
Summary
Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.
These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
Severity ?
6.5 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Intersight Virtual Appliance |
Affected:
1.0.9-113
Affected: 1.0.9-148 Affected: 1.0.9-230 Affected: 1.0.9-53 Affected: 1.0.9-7 Affected: 1.0.9-197 Affected: 1.0.9-170 Affected: 1.0.9-149 Affected: 1.0.9-278 Affected: 1.0.9-184 Affected: 1.0.9-232 Affected: 1.0.9-83 Affected: 1.0.9-90 Affected: 1.0.9-97 Affected: 1.0.9-125 Affected: 1.0.9-250 Affected: 1.0.9-77 Affected: 1.0.9-133 Affected: 1.0.9-67 Affected: 1.0.9-214 Affected: 1.0.9-103 Affected: 1.0.9-266 Affected: 1.0.9-13 Affected: 1.0.9-164 Affected: 1.0.9-292 Affected: 1.0.9-302 Affected: 1.0.9-319 Affected: 1.0.9-343 Affected: 1.0.9-360 Affected: 1.0.9-361 Affected: 1.0.9-378 Affected: 1.0.9-389 Affected: 1.0.9-402 Affected: 1.0.9-428 Affected: 1.0.9-442 Affected: 1.0.9-456 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:57:35.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Intersight Virtual Appliance",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.9-113"
},
{
"status": "affected",
"version": "1.0.9-148"
},
{
"status": "affected",
"version": "1.0.9-230"
},
{
"status": "affected",
"version": "1.0.9-53"
},
{
"status": "affected",
"version": "1.0.9-7"
},
{
"status": "affected",
"version": "1.0.9-197"
},
{
"status": "affected",
"version": "1.0.9-170"
},
{
"status": "affected",
"version": "1.0.9-149"
},
{
"status": "affected",
"version": "1.0.9-278"
},
{
"status": "affected",
"version": "1.0.9-184"
},
{
"status": "affected",
"version": "1.0.9-232"
},
{
"status": "affected",
"version": "1.0.9-83"
},
{
"status": "affected",
"version": "1.0.9-90"
},
{
"status": "affected",
"version": "1.0.9-97"
},
{
"status": "affected",
"version": "1.0.9-125"
},
{
"status": "affected",
"version": "1.0.9-250"
},
{
"status": "affected",
"version": "1.0.9-77"
},
{
"status": "affected",
"version": "1.0.9-133"
},
{
"status": "affected",
"version": "1.0.9-67"
},
{
"status": "affected",
"version": "1.0.9-214"
},
{
"status": "affected",
"version": "1.0.9-103"
},
{
"status": "affected",
"version": "1.0.9-266"
},
{
"status": "affected",
"version": "1.0.9-13"
},
{
"status": "affected",
"version": "1.0.9-164"
},
{
"status": "affected",
"version": "1.0.9-292"
},
{
"status": "affected",
"version": "1.0.9-302"
},
{
"status": "affected",
"version": "1.0.9-319"
},
{
"status": "affected",
"version": "1.0.9-343"
},
{
"status": "affected",
"version": "1.0.9-360"
},
{
"status": "affected",
"version": "1.0.9-361"
},
{
"status": "affected",
"version": "1.0.9-378"
},
{
"status": "affected",
"version": "1.0.9-389"
},
{
"status": "affected",
"version": "1.0.9-402"
},
{
"status": "affected",
"version": "1.0.9-428"
},
{
"status": "affected",
"version": "1.0.9-442"
},
{
"status": "affected",
"version": "1.0.9-456"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:57:31.634Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
}
],
"source": {
"advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
"defects": [
"CSCwc35166"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20017",
"datePublished": "2023-08-16T21:01:28.215Z",
"dateReserved": "2022-10-27T18:47:50.308Z",
"dateUpdated": "2024-08-02T08:57:35.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}