CVE-2023-20122

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine (affected versions not specified) Cisco Evolved Programmable Network Manager (affected versions not specified) Cisco Prime Infrastructure (affected versions not specified)

Description The issue exists due to the failure to neutralize special elements used in an operating system command. This could allow an attacker to elevate their privileges. Multiple vulnerabilities in the restricted shell of the affected products could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.

Recommendations For Cisco Identity Services Engine, consider disabling the restricted shell until a patch is available. For Cisco Evolved Programmable Network Manager, restrict access to the underlying operating system to minimize the risk of exploitation. For Cisco Prime Infrastructure, avoid using the restricted shell in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.