CVE-2023-20237

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-284
KEV
Published	2 years ago
Modified	1 year ago

Related Products

Product	Advisory	Evidence
Cisco Intersight Virtual Appliance	cisco-sa-intersight-forward-C45ncgqb	Cisco OpenVuln