CVE-2023-20237

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20237
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb Patch Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*
OR cpe:2.3:a:cisco:intersight_assist:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intersight_connected_virtual_appliance:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intersight_private_virtual_appliance:-:*:*:*:*:*:*:*
History

21 Nov 2024, 07:40

Type Values Removed Values Added
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb - Patch, Vendor Advisory () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb - Patch, Vendor Advisory

25 Aug 2023, 16:32

Type Values Removed Values Added
CWE CWE-77
CPE cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intersight_private_virtual_appliance:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intersight_assist:-:*:*:*:*:*:*:*
cpe:2.3:a:cisco:intersight_connected_virtual_appliance:-:*:*:*:*:*:*:*
First Time Cisco intersight Private Virtual Appliance
Cisco intersight Connected Virtual Appliance
Cisco intersight Virtual Appliance
Cisco intersight Assist
Cisco
References (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb - (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-intersight-forward-C45ncgqb - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.3

16 Aug 2023, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-16 22:15

Updated : 2024-11-21 07:40

NVD link : CVE-2023-20237

Mitre link : CVE-2023-20237

CVE.ORG link : CVE-2023-20237

JSON object : View

Products Affected

cisco

  • intersight_private_virtual_appliance
  • intersight_connected_virtual_appliance
  • intersight_assist
  • intersight_virtual_appliance
CWE
CWE-284

Improper Access Control

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')