PT-2023-4520 · Cisco · Cisco Intersight Private Virtual Appliance

Logan Sanderson · Published 2023-08-16 · Updated 2024-01-25 · CVE-2023-20017

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Cisco Intersight Private Virtual Appliance (affected versions not specified)

Description: The issue is caused by insufficient input validation when extracting uploaded software packages. It allows an authenticated, remote attacker with Administrator privileges to execute arbitrary commands with root-level privileges. To exploit it, the attacker authenticates to an affected device and uploads a crafted software package; the injected commands then run on the underlying operating system as root.

Recommendations: At the moment there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Command Injection
OS Command Injection

Related Identifiers

BDU:2023-04923
CVE-2023-20017

Affected Products

Cisco Intersight Private Virtual Appliance