CVE-2023-20013

Summary

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco Intersight Virtual Appliance1.0.9-113affected
CiscoCisco Intersight Virtual Appliance1.0.9-148affected
CiscoCisco Intersight Virtual Appliance1.0.9-230affected
CiscoCisco Intersight Virtual Appliance1.0.9-53affected
CiscoCisco Intersight Virtual Appliance1.0.9-7affected
CiscoCisco Intersight Virtual Appliance1.0.9-197affected
CiscoCisco Intersight Virtual Appliance1.0.9-170affected
CiscoCisco Intersight Virtual Appliance1.0.9-149affected
CiscoCisco Intersight Virtual Appliance1.0.9-278affected
CiscoCisco Intersight Virtual Appliance1.0.9-184affected
CiscoCisco Intersight Virtual Appliance1.0.9-232affected
CiscoCisco Intersight Virtual Appliance1.0.9-83affected
CiscoCisco Intersight Virtual Appliance1.0.9-90affected
CiscoCisco Intersight Virtual Appliance1.0.9-97affected
CiscoCisco Intersight Virtual Appliance1.0.9-125affected
CiscoCisco Intersight Virtual Appliance1.0.9-250affected
CiscoCisco Intersight Virtual Appliance1.0.9-77affected
CiscoCisco Intersight Virtual Appliance1.0.9-133affected
CiscoCisco Intersight Virtual Appliance1.0.9-67affected
CiscoCisco Intersight Virtual Appliance1.0.9-214affected
CiscoCisco Intersight Virtual Appliance1.0.9-103affected
CiscoCisco Intersight Virtual Appliance1.0.9-266affected
CiscoCisco Intersight Virtual Appliance1.0.9-13affected
CiscoCisco Intersight Virtual Appliance1.0.9-164affected
CiscoCisco Intersight Virtual Appliance1.0.9-292affected
CiscoCisco Intersight Virtual Appliance1.0.9-302affected
CiscoCisco Intersight Virtual Appliance1.0.9-319affected
CiscoCisco Intersight Virtual Appliance1.0.9-343affected
CiscoCisco Intersight Virtual Appliance1.0.9-360affected
CiscoCisco Intersight Virtual Appliance1.0.9-361affected
CiscoCisco Intersight Virtual Appliance1.0.9-378affected
CiscoCisco Intersight Virtual Appliance1.0.9-389affected
CiscoCisco Intersight Virtual Appliance1.0.9-402affected
CiscoCisco Intersight Virtual Appliance1.0.9-428affected
CiscoCisco Intersight Virtual Appliance1.0.9-442affected
CiscoCisco Intersight Virtual Appliance1.0.9-456affected
CiscoCisco Intersight Virtual Appliance1.0.9-503affected
CiscoCisco Intersight Virtual Appliance1.0.9-536affected
CiscoCisco Intersight Virtual Appliance1.0.9-538affected
CiscoCisco Intersight Virtual Appliance1.0.9-558affected
CiscoCisco Intersight Virtual Appliance1.0.9-561affected

Weaknesses

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References