
    4 vulnerabilities found for intersight_private_virtual_appliance by cisco

    CVE-2023-20017 (GCVE-0-2023-20017)

    Vulnerability from nvd – Published: 2023-08-16 21:01 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor: Cisco
    Product: Cisco Intersight Virtual Appliance
    Versions:
    Affected: 1.0.9-113
    Affected: 1.0.9-148
    Affected: 1.0.9-230
    Affected: 1.0.9-53
    Affected: 1.0.9-7
    Affected: 1.0.9-197
    Affected: 1.0.9-170
    Affected: 1.0.9-149
    Affected: 1.0.9-278
    Affected: 1.0.9-184
    Affected: 1.0.9-232
    Affected: 1.0.9-83
    Affected: 1.0.9-90
    Affected: 1.0.9-97
    Affected: 1.0.9-125
    Affected: 1.0.9-250
    Affected: 1.0.9-77
    Affected: 1.0.9-133
    Affected: 1.0.9-67
    Affected: 1.0.9-214
    Affected: 1.0.9-103
    Affected: 1.0.9-266
    Affected: 1.0.9-13
    Affected: 1.0.9-164
    Affected: 1.0.9-292
    Affected: 1.0.9-302
    Affected: 1.0.9-319
    Affected: 1.0.9-343
    Affected: 1.0.9-360
    Affected: 1.0.9-361
    Affected: 1.0.9-378
    Affected: 1.0.9-389
    Affected: 1.0.9-402
    Affected: 1.0.9-428
    Affected: 1.0.9-442
    Affected: 1.0.9-456

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Intersight Virtual Appliance",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.9-113"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-148"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-230"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-53"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-7"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-197"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-170"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-149"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-278"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-184"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-232"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-83"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-90"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-97"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-125"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-250"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-77"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-133"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-67"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-214"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-103"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-266"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-13"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-164"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-292"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-302"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-319"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-343"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-360"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-361"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-378"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-389"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-402"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-428"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-442"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-456"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.634Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
            "defects": [
              "CSCwc35166"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20017",
        "datePublished": "2023-08-16T21:01:28.215Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20013 (GCVE-0-2023-20013)

    Vulnerability from nvd – Published: 2023-08-16 21:01 – Updated: 2024-11-21 21:41
    VLAI
    Summary
    Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor: Cisco
    Product: Cisco Intersight Virtual Appliance
    Versions:
    Affected: 1.0.9-113
    Affected: 1.0.9-148
    Affected: 1.0.9-230
    Affected: 1.0.9-53
    Affected: 1.0.9-7
    Affected: 1.0.9-197
    Affected: 1.0.9-170
    Affected: 1.0.9-149
    Affected: 1.0.9-278
    Affected: 1.0.9-184
    Affected: 1.0.9-232
    Affected: 1.0.9-83
    Affected: 1.0.9-90
    Affected: 1.0.9-97
    Affected: 1.0.9-125
    Affected: 1.0.9-250
    Affected: 1.0.9-77
    Affected: 1.0.9-133
    Affected: 1.0.9-67
    Affected: 1.0.9-214
    Affected: 1.0.9-103
    Affected: 1.0.9-266
    Affected: 1.0.9-13
    Affected: 1.0.9-164
    Affected: 1.0.9-292
    Affected: 1.0.9-302
    Affected: 1.0.9-319
    Affected: 1.0.9-343
    Affected: 1.0.9-360
    Affected: 1.0.9-361
    Affected: 1.0.9-378
    Affected: 1.0.9-389
    Affected: 1.0.9-402
    Affected: 1.0.9-428
    Affected: 1.0.9-442
    Affected: 1.0.9-456
    Affected: 1.0.9-503
    Affected: 1.0.9-536
    Affected: 1.0.9-538
    Affected: 1.0.9-558
    Affected: 1.0.9-561

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.546Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-30T15:25:03.100326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T21:41:55.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Intersight Virtual Appliance",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.9-113"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-148"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-230"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-53"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-7"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-197"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-170"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-149"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-278"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-184"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-232"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-83"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-90"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-97"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-125"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-250"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-77"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-133"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-67"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-214"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-103"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-266"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-13"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-164"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-292"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-302"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-319"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-343"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-360"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-361"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-378"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-389"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-402"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-428"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-442"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-456"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-503"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-536"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-538"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-558"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-561"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:30.936Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
            "defects": [
              "CSCwc35159"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20013",
        "datePublished": "2023-08-16T21:01:43.295Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-11-21T21:41:55.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20013 (GCVE-0-2023-20013)

    Vulnerability from cvelistv5 – Published: 2023-08-16 21:01 – Updated: 2024-11-21 21:41
    VLAI
    Summary
    Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor: Cisco
    Product: Cisco Intersight Virtual Appliance
    Versions:
    Affected: 1.0.9-113
    Affected: 1.0.9-148
    Affected: 1.0.9-230
    Affected: 1.0.9-53
    Affected: 1.0.9-7
    Affected: 1.0.9-197
    Affected: 1.0.9-170
    Affected: 1.0.9-149
    Affected: 1.0.9-278
    Affected: 1.0.9-184
    Affected: 1.0.9-232
    Affected: 1.0.9-83
    Affected: 1.0.9-90
    Affected: 1.0.9-97
    Affected: 1.0.9-125
    Affected: 1.0.9-250
    Affected: 1.0.9-77
    Affected: 1.0.9-133
    Affected: 1.0.9-67
    Affected: 1.0.9-214
    Affected: 1.0.9-103
    Affected: 1.0.9-266
    Affected: 1.0.9-13
    Affected: 1.0.9-164
    Affected: 1.0.9-292
    Affected: 1.0.9-302
    Affected: 1.0.9-319
    Affected: 1.0.9-343
    Affected: 1.0.9-360
    Affected: 1.0.9-361
    Affected: 1.0.9-378
    Affected: 1.0.9-389
    Affected: 1.0.9-402
    Affected: 1.0.9-428
    Affected: 1.0.9-442
    Affected: 1.0.9-456
    Affected: 1.0.9-503
    Affected: 1.0.9-536
    Affected: 1.0.9-538
    Affected: 1.0.9-558
    Affected: 1.0.9-561

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.546Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20013",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-30T15:25:03.100326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T21:41:55.773Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Intersight Virtual Appliance",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.9-113"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-148"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-230"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-53"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-7"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-197"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-170"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-149"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-278"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-184"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-232"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-83"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-90"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-97"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-125"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-250"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-77"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-133"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-67"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-214"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-103"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-266"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-13"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-164"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-292"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-302"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-319"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-343"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-360"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-361"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-378"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-389"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-402"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-428"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-442"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-456"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-503"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-536"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-538"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-558"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-561"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:30.936Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
            "defects": [
              "CSCwc35159"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20013",
        "datePublished": "2023-08-16T21:01:43.295Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-11-21T21:41:55.773Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20017 (GCVE-0-2023-20017)

    Vulnerability from cvelistv5 – Published: 2023-08-16 21:01 – Updated: 2024-08-02 08:57
    Summary
    Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor: Cisco
    Product: Cisco Intersight Virtual Appliance
    Versions:
    Affected: 1.0.9-113
    Affected: 1.0.9-148
    Affected: 1.0.9-230
    Affected: 1.0.9-53
    Affected: 1.0.9-7
    Affected: 1.0.9-197
    Affected: 1.0.9-170
    Affected: 1.0.9-149
    Affected: 1.0.9-278
    Affected: 1.0.9-184
    Affected: 1.0.9-232
    Affected: 1.0.9-83
    Affected: 1.0.9-90
    Affected: 1.0.9-97
    Affected: 1.0.9-125
    Affected: 1.0.9-250
    Affected: 1.0.9-77
    Affected: 1.0.9-133
    Affected: 1.0.9-67
    Affected: 1.0.9-214
    Affected: 1.0.9-103
    Affected: 1.0.9-266
    Affected: 1.0.9-13
    Affected: 1.0.9-164
    Affected: 1.0.9-292
    Affected: 1.0.9-302
    Affected: 1.0.9-319
    Affected: 1.0.9-343
    Affected: 1.0.9-360
    Affected: 1.0.9-361
    Affected: 1.0.9-378
    Affected: 1.0.9-389
    Affected: 1.0.9-402
    Affected: 1.0.9-428
    Affected: 1.0.9-442
    Affected: 1.0.9-456

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.562Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Intersight Virtual Appliance",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.9-113"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-148"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-230"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-53"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-7"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-197"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-170"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-149"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-278"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-184"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-232"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-83"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-90"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-97"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-125"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-250"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-77"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-133"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-67"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-214"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-103"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-266"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-13"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-164"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-292"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-302"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-319"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-343"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-360"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-361"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-378"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-389"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-402"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-428"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-442"
                },
                {
                  "status": "affected",
                  "version": "1.0.9-456"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities.\r\n\r These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of these vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.634Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ivpa-cmdinj-C5XRbbOy"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ivpa-cmdinj-C5XRbbOy",
            "defects": [
              "CSCwc35166"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20017",
        "datePublished": "2023-08-16T21:01:28.215Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.562Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }