PT-2023-2199 · Cisco · Cisco Evolved Programmable Network Manager +2

Sean Morland · Published 2023-04-05 · Updated 2023-04-12 · CVE-2023-20121

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Cisco Evolved Programmable Network Manager (affected versions not specified)
Cisco Identity Services Engine (affected versions not specified)
Cisco Prime Infrastructure (affected versions not specified)

Description

The issue covers multiple vulnerabilities in the restricted shell of the affected Cisco products. These vulnerabilities could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. The vulnerabilities exist because special elements used in an operating system command are not neutralized.

Recommendations

For Cisco Evolved Programmable Network Manager, there is currently no information about a newer version that contains a fix for this vulnerability.
For Cisco Identity Services Engine, there is currently no information about a newer version that contains a fix for this vulnerability.
For Cisco Prime Infrastructure, there is currently no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Weakness Enumeration

Related Identifiers

BDU:2023-01944
CVE-2023-20121

Affected Products

Cisco Evolved Programmable Network Manager
Cisco Identity Services Engine
Cisco Prime Infrastructure