cve-2023-20009
Vulnerability from cvelistv5
Published
2023-02-16 15:25
Modified
2024-08-02 08:57
Severity ?
EPSS score ?
Summary
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]].
The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Cisco | Cisco Secure Email | |
Cisco | Cisco Secure Email and Web Manager |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T08:57:35.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-esa-sma-privesc-9DVkFpJ8", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Cisco Secure Email", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "11.0.3-238" }, { "status": "affected", "version": "11.1.0-069" }, { "status": "affected", "version": "11.1.0-131" }, { "status": "affected", "version": "11.1.0-128" }, { "status": "affected", "version": "12.0.0-419" }, { "status": "affected", "version": "12.1.0-071" }, { "status": "affected", "version": "12.1.0-087" }, { "status": "affected", "version": "12.1.0-089" }, { "status": "affected", "version": "13.0.0-392" }, { "status": "affected", "version": "13.5.1-277" }, { "status": "affected", "version": "12.5.0-066" }, { "status": "affected", "version": "14.0.0-698" }, { "status": "affected", "version": "14.2.0-620" } ] }, { "product": "Cisco Secure Email and Web Manager", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "11.0.0-115" }, { "status": "affected", "version": "11.0.1-161" }, { "status": "affected", "version": "11.5.1-105" }, { "status": "affected", "version": "12.0.0-452" }, { "status": "affected", "version": "12.0.1-011" }, { "status": "affected", "version": "12.5.0-636" }, { "status": "affected", "version": "12.5.0-658" }, { "status": "affected", "version": "12.5.0-678" }, { "status": "affected", "version": "12.5.0-670" }, { "status": "affected", "version": "13.0.0-277" }, { "status": "affected", "version": "13.6.2-078" }, { "status": "affected", "version": "13.8.1-068" }, { "status": "affected", "version": "13.8.1-074" }, { "status": "affected", "version": "12.8.1-002" }, { "status": "affected", "version": "14.0.0-404" }, { "status": "affected", "version": "14.1.0-223" }, { "status": "affected", "version": "14.1.0-227" }, { "status": "affected", "version": "14.2.0-212" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]].\r\n\r The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-20", "description": "Improper Input Validation", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:57:30.327Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-esa-sma-privesc-9DVkFpJ8", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8" } ], "source": { "advisory": "cisco-sa-esa-sma-privesc-9DVkFpJ8", "defects": [ "CSCwd29901", "CSCwd29905" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20009", "datePublished": "2023-02-16T15:25:13.820Z", "dateReserved": "2022-10-27T18:47:50.307Z", "dateUpdated": "2024-08-02T08:57:35.597Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-20009\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-03-01T08:15:11.767\",\"lastModified\":\"2024-01-25T17:15:24.400\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]].\\r\\n\\r The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5.3-041\",\"matchCriteriaId\":\"DFF0842A-E854-4188-A561-56FEA052A553\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.0.5-007\",\"matchCriteriaId\":\"53BC2A26-68D8-44F5-8C36-22ECBD492F96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.5.0\",\"versionEndExcluding\":\"13.5.4-038\",\"matchCriteriaId\":\"E2720C1E-1AD6-4EB0-8BBC-7E23F069539B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.2.1-020\",\"matchCriteriaId\":\"5EA000FA-4AEA-4A05-883E-52333F4445FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.3.0\",\"versionEndExcluding\":\"14.3.0-032\",\"matchCriteriaId\":\"05D45B94-07E6-436D-8936-317463E77608\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.8.1-021\",\"matchCriteriaId\":\"9A15F884-ACBF-4CC8-BE9B-0369B600F378\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.8.0\",\"versionEndExcluding\":\"13.8.1-108\",\"matchCriteriaId\":\"26652060-E3C9-401B-A520-E1A768F76334\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.2.0-224\",\"matchCriteriaId\":\"6A32B4D8-F1A3-4233-AD64-CCC016E037C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:secure_email_and_web_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.3.0\",\"versionEndExcluding\":\"14.3.0-120\",\"matchCriteriaId\":\"28540076-CF1E-4584-BD17-929F4346FAA2\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.