Rewterz Threat Advisory – CVE-2023-20030 – Cisco Identity Services Engine Vulnerability
February 2, 2023
Rewterz Threat Advisory – CVE-2023-20073 – Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Vulnerability
February 2, 2023
Severity
Medium
Analysis Summary
CVE-2023-20022 CVSS:6
Cisco ISE Software could allow a local authenticated attacker to gain elevated privileges on the system due to improper validation of user-supplied input. By sending a specially crafted CLI command, an authenticated attacker could exploit this vulnerability to elevate privileges to root.
CVE-2023-20021 CVSS:6
Cisco ISE Software could allow a local authenticated attacker to gain elevated privileges on the system due to improper validation of user-supplied input. By sending a specially crafted CLI command, an authenticated attacker could exploit this vulnerability to elevate privileges to root.
CVE-2023-20023 CVSS:6
Cisco ISE Software could allow a local authenticated attacker to gain elevated privileges on the system due to improper validation of user-supplied input. By sending a specially crafted CLI command, an authenticated attacker could exploit this vulnerability to elevate privileges to root.
Impact
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2023-20022
- CVE-2023-20021
- CVE-2023-20023
Affected Vendors
Cisco
Affected Products
- Cisco Identity Services Engine (ISE)
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.