Published: 12/07/2023 Updated: 25/01/2024

CVSS v3 Base Score: 6 | Impact Score: 5.2 | Exploitability Score: 0.8

VMScore: 0

A vulnerability in Cisco BroadWorks could allow an authenticated, local malicious user to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the malicious user to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco broadworks_application_delivery_platform_firmware 23.0
cisco broadworks_application_delivery_platform_firmware 24.0
cisco broadworks_application_delivery_platform_firmware 25.0
cisco broadworks_application_server_firmware 23.0
cisco broadworks_application_server_firmware 24.0
cisco broadworks_application_server_firmware 25.0
cisco broadworks_database_server_firmware 23.0
cisco broadworks_database_server_firmware 24.0
cisco broadworks_database_server_firmware 25.0
cisco broadworks_database_troubleshooting_server_firmware 23.0
cisco broadworks_database_troubleshooting_server_firmware 24.0
cisco broadworks_database_troubleshooting_server_firmware 25.0
cisco broadworks_execution_server_firmware 23.0
cisco broadworks_execution_server_firmware 24.0
cisco broadworks_execution_server_firmware 25.0
cisco broadworks_media_server_firmware 23.0
cisco broadworks_media_server_firmware 24.0
cisco broadworks_media_server_firmware 25.0
cisco broadworks_messaging_server_firmware 23.0
cisco broadworks_messaging_server_firmware 24.0
cisco broadworks_messaging_server_firmware 25.0
cisco broadworks_network_database_server_firmware 23.0
cisco broadworks_network_database_server_firmware 24.0
cisco broadworks_network_database_server_firmware 25.0
cisco broadworks_network_function_manager_firmware 23.0
cisco broadworks_network_function_manager_firmware 24.0
cisco broadworks_network_function_manager_firmware 25.0
cisco broadworks_network_server_firmware 23.0
cisco broadworks_network_server_firmware 24.0
cisco broadworks_network_server_firmware 25.0
cisco broadworks_profile_server_firmware 23.0
cisco broadworks_profile_server_firmware 24.0
cisco broadworks_profile_server_firmware 25.0
cisco broadworks_service_control_function_server_firmware 23.0
cisco broadworks_service_control_function_server_firmware 24.0
cisco broadworks_service_control_function_server_firmware 25.0
cisco broadworks_sharing_server_firmware 23.0
cisco broadworks_sharing_server_firmware 24.0
cisco broadworks_sharing_server_firmware 25.0
cisco broadworks_video_server_firmware 23.0
cisco broadworks_video_server_firmware 24.0
cisco broadworks_video_server_firmware 25.0
cisco broadworks_webrtc_server_firmware 23.0
cisco broadworks_webrtc_server_firmware 24.0
cisco broadworks_webrtc_server_firmware 25.0
cisco broadworks_xtended_services_platform_firmware 23.0
cisco broadworks_xtended_services_platform_firmware 24.0
cisco broadworks_xtended_services_platform_firmware 25.0

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device The vulnerability is due to insufficient input validation by the operating system CLI An attacker could exploit this vulnerability by issuing a crafted command to the affected system A successful exploit c ...

NVD-CWE-noinfo https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW https://nvd.nist.gov https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW

CVE-2023-20210

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect