Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities

cisco-sa-adeos-MLAyEcvk · High · Published · Updated

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.  Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address these vulnerabilities.

CVEsCVE-2023-20121, CVE-2023-20122
Cisco Bug IDsCSCwd07345, CSCwd41018, CSCwe07088, CSCwe07091, CSCwd07351
CVSS ScoreBase 6.0
Base 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:X/RL:X/RC:X
Base 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Identity Services Engine Software, Cisco Prime Infrastructure, Cisco Evolved Programmable Network Manager (EPNM)

Related Products

Product CVE Evidence
Cisco Prime Infrastructure CVE-2023-20122 Cisco OpenVuln
Cisco Prime Infrastructure CVE-2023-20121 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2023-20122 Cisco OpenVuln
Cisco Identity Services Engine Software CVE-2023-20121 Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) CVE-2023-20122 Cisco OpenVuln
Cisco Evolved Programmable Network Manager (EPNM) CVE-2023-20121 Cisco OpenVuln