PT-2023-4613 · Cisco · Cisco Thousandeyes Enterprise Agent

Jim Becher

Publicado

2023-08-16

Atualizado

2024-01-25

CVE-2023-20224

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type (affected versions not specified)

Description A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker to elevate privileges to root on an affected device. This issue is due to insufficient input validation of user-supplied CLI arguments. An attacker could exploit this by authenticating to the device and using crafted commands at the prompt, potentially allowing the execution of arbitrary commands as root. The attacker must have valid credentials on the affected device.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Argument Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-88

Identificadores relacionados

BDU:2023-05020

CVE-2023-20224

Produtos afetados

Cisco Thousandeyes Enterprise Agent

PT-2023-4613 · Cisco · Cisco Thousandeyes Enterprise Agent

CVE-2023-20224

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 14