FKIE_CVE-2023-20210

Vulnerability from fkie_nvd - Published: 2023-07-12 14:15 - Updated: 2024-11-21 07:40
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXWVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXWVendor Advisory
Impacted products
Vendor Product Version
cisco broadworks_application_delivery_platform_firmware 23.0
cisco broadworks_application_delivery_platform_firmware 24.0
cisco broadworks_application_delivery_platform_firmware 25.0
cisco broadworks_application_delivery_platform -
cisco broadworks_application_server_firmware 23.0
cisco broadworks_application_server_firmware 24.0
cisco broadworks_application_server_firmware 25.0
cisco broadworks_application_server -
cisco broadworks_database_server_firmware 23.0
cisco broadworks_database_server_firmware 24.0
cisco broadworks_database_server_firmware 25.0
cisco broadworks_database_server -
cisco broadworks_database_troubleshooting_server_firmware 23.0
cisco broadworks_database_troubleshooting_server_firmware 24.0
cisco broadworks_database_troubleshooting_server_firmware 25.0
cisco broadworks_database_troubleshooting_server -
cisco broadworks_execution_server_firmware 23.0
cisco broadworks_execution_server_firmware 24.0
cisco broadworks_execution_server_firmware 25.0
cisco broadworks_execution_server -
cisco broadworks_media_server_firmware 23.0
cisco broadworks_media_server_firmware 24.0
cisco broadworks_media_server_firmware 25.0
cisco broadworks_media_server -
cisco broadworks_messaging_server_firmware 23.0
cisco broadworks_messaging_server_firmware 24.0
cisco broadworks_messaging_server_firmware 25.0
cisco broadworks_messaging_server -
cisco broadworks_network_database_server_firmware 23.0
cisco broadworks_network_database_server_firmware 24.0
cisco broadworks_network_database_server_firmware 25.0
cisco broadworks_network_database_server -
cisco broadworks_network_function_manager_firmware 23.0
cisco broadworks_network_function_manager_firmware 24.0
cisco broadworks_network_function_manager_firmware 25.0
cisco broadworks_network_function_manager -
cisco broadworks_network_server_firmware 23.0
cisco broadworks_network_server_firmware 24.0
cisco broadworks_network_server_firmware 25.0
cisco broadworks_network_server -
cisco broadworks_profile_server_firmware 23.0
cisco broadworks_profile_server_firmware 24.0
cisco broadworks_profile_server_firmware 25.0
cisco broadworks_profile_server -
cisco broadworks_service_control_function_server_firmware 23.0
cisco broadworks_service_control_function_server_firmware 24.0
cisco broadworks_service_control_function_server_firmware 25.0
cisco broadworks_service_control_function_server -
cisco broadworks_sharing_server_firmware 23.0
cisco broadworks_sharing_server_firmware 24.0
cisco broadworks_sharing_server_firmware 25.0
cisco broadworks_sharing_server -
cisco broadworks_video_server_firmware 23.0
cisco broadworks_video_server_firmware 24.0
cisco broadworks_video_server_firmware 25.0
cisco broadworks_video_server -
cisco broadworks_webrtc_server_firmware 23.0
cisco broadworks_webrtc_server_firmware 24.0
cisco broadworks_webrtc_server_firmware 25.0
cisco broadworks_webrtc_server -
cisco broadworks_xtended_services_platform_firmware 23.0
cisco broadworks_xtended_services_platform_firmware 24.0
cisco broadworks_xtended_services_platform_firmware 25.0
cisco broadworks_xtended_services_platform -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CDF6D51-FF53-4F81-9609-9ADC2F9B4E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2C7C8D-4A8F-47F8-BD52-02B9381BA452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BADCEEA-9E45-4B49-8234-A874D5C47E21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_application_delivery_platform:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17CDB68D-72F2-4A67-969D-AB093F4B2527",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2CCE1A7-DD95-45FA-B82D-7E7681131447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "595D1BB0-8545-444B-8CB3-92A1BC646437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6DF734-B36E-4CAC-A9B0-0829CE88CF7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_application_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE31A7A6-45A7-44BC-A9EE-A193BB15AA1C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF31D4CA-E2C3-4FC9-BA71-DB50644D0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "358A3B7C-77FB-42BC-BA51-D936CA36E52D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC28F823-06DC-4BE4-89E8-0D76A01472E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_database_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30CB65C5-E160-4459-B16B-78FD71FFE549",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8566E4D-47F0-4B3C-BB39-67C5D57A292B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C82E9E-9B6B-4B9A-B5C3-020352AC2D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74A40E6E-FE9F-412D-88FD-90AEDE55AAB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_database_troubleshooting_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "313B4B45-666C-48F1-ABAE-056247C5BFD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_execution_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "720FC8C3-3222-4FAC-B052-3C11E70E4CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_execution_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE3994FF-091A-487A-A85E-597797185937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_execution_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF5375C4-D15C-49B8-8833-BDDABA76804E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_execution_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE222212-E176-444E-89E8-00B506CE648B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_media_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EAB828D-E0BE-44E9-A659-EB1D0807401A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_media_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "983911BD-E602-4ED2-AE47-27F059F66A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_media_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF181A6-5A46-426C-9C8A-C445A47E3D66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_media_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E47499AE-1115-48A3-B48C-9064C60FAB70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_messaging_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D5FC69-B787-4263-AE14-02307B9539CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_messaging_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA89033-CABE-4DB3-8B42-63889ABBE11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_messaging_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC9E9FF-0DC8-4437-8578-0FDA55F93A7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_messaging_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CB7EDC-291B-49AC-B0BF-B13833D503FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_database_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E98249C-02C4-43ED-8314-4A9B73A4F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_database_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1560DD-2523-4BA1-AAA6-7DD1232743ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_database_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6400EF54-92D4-4CC4-86D3-05983E279BB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_network_database_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0338AF8-F431-4DFD-871E-77FD5A8BC0C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED75C3C-3D16-4756-8E67-D74F49659BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D167D62-1392-4D01-8818-74F2B47656FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17B1382-7070-42C4-B42D-B8DA04847EFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_network_function_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE40758F-56F2-4C7E-B614-2B2DDEFDE03F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28898C00-203A-4309-B7C3-E61A06AA82AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75AE58C6-46B7-4C40-8C3B-460E5C7D1BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBB178D9-1775-4CFB-B246-D996C0A5BD8E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_network_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2462A0CA-3112-431D-A1D8-F40D99824ED6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_profile_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E035554A-5B8B-458A-9B61-4DCC854B5BEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_profile_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C76642D-5125-434F-B835-3F2FCA1ADD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_profile_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC59FF23-541E-4496-86C0-3F7770CE8601",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_profile_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B2B0ED-0A3C-42FA-9532-E375D6979435",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C2F1BB8-563F-4E3C-8C19-B3C2CA5D6A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68B5DAD-4881-4ACC-8829-8856F8C360AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0DB64E9-AFF7-4176-8DA5-5D5A56A1B4BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_service_control_function_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FDE907-B2EC-4390-96C9-0C0E2A1A17D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_sharing_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FBD60F-05F8-427E-8DA6-A9AB498F44BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_sharing_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF12A5-11D1-4B35-ACD2-B353F347AD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_sharing_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B75518-3D13-47CA-927D-12D813246128",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_sharing_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9EFCC-0F1A-4867-9DE9-7A01FB880701",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_video_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8E60AFC-0658-46E4-AE54-8D588CD0EC34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_video_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA8472C8-F0E9-46A1-A617-637800F00F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_video_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B1BA21-2859-4942-9EF9-A5E2D15B85DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_video_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8470F28E-49FC-4C95-BE9A-2F54E8AA2DFB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "444BA319-2679-4342-98B0-C6E14B1C1F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2345B0-08A4-4EA4-8952-9C53C1A83B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95D5D2F-5470-4F12-8838-B2024307D3FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_webrtc_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "481B20C2-65AE-4A03-9CB2-0AA74978C85A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DC218C-B490-4163-81C4-A693E3DD8ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18324056-77F4-43A2-B5D2-BCD414E7D907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12070486-7EC8-4103-A1A2-F6FD1A79DCE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_xtended_services_platform:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4400D87-8862-421C-BAF4-E2481ACEDE4D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.\r\n\r The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device."
    }
  ],
  "id": "CVE-2023-20210",
  "lastModified": "2024-11-21T07:40:51.007",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-12T14:15:09.873",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.