Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
References
| Link | Resource |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
12 Apr 2023, 02:24
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk - Vendor Advisory | |
| CWE | CWE-78 | |
| First Time |
Cisco prime Infrastructure
Cisco evolved Programmable Network Manager Cisco identity Services Engine Cisco |
|
| CPE | cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.7 |
05 Apr 2023, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-04-05 19:15
Updated : 2023-11-07 04:06
NVD link : CVE-2023-20121
Mitre link : CVE-2023-20121
JSON object : View
Products Affected
cisco
- prime_infrastructure
- identity_services_engine
- evolved_programmable_network_manager
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')