CVE-2023-20121

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:identity_services_engine:3.2:-:*:*:*:*:*:*
cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:40

Type Values Removed Values Added
New CVE

Information

Published : 2023-04-05 19:15

Updated : 2024-11-21 07:40


NVD link : CVE-2023-20121

Mitre link : CVE-2023-20121

CVE.ORG link : CVE-2023-20121


JSON object : View

Products Affected

cisco

  • identity_services_engine
  • prime_infrastructure
  • evolved_programmable_network_manager
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')