PT-2023-4522 · Cisco · Cisco Intersight Private Virtual Appliance

Logan Sanderson · Published 2023-08-16 · Updated 2024-01-25 · CVE-2023-20013

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Intersight Private Virtual Appliance (affected versions not specified)

Description

The issue is due to insufficient input validation when extracting uploaded software packages, allowing an authenticated, remote attacker with Administrator privileges to execute arbitrary commands using root-level privileges. This can be achieved by uploading a crafted software package to an affected device. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

OS Command Injection

Command Injection

Weakness Enumeration

Related identifiers

BDU:2023-04925
CVE-2023-20013

Affected products

Cisco Intersight Private Virtual Appliance