CVE-2023-20039

Name of the Vulnerable Software and Affected Versions Cisco Industrial Network Director (affected versions not specified)

Description A vulnerability in the Cisco Industrial Network Director could allow an authenticated, local attacker to read application data due to insufficient default file permissions applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory, potentially allowing them to view sensitive information.

Recommendations For all affected versions, update to the latest software version released by Cisco that addresses this vulnerability. As a temporary workaround, consider restricting access to the application data directory to minimize the risk of exploitation. Avoid using the default file permissions in the application data directory until the issue is resolved. At the moment, there is no information about additional mitigation measures or workarounds that address this vulnerability.