CVE-2023-20210

Published: 12/07/2023 Updated: 25/01/2024
CVSS v3 Base Score: 6 | Impact Score: 5.2 | Exploitability Score: 0.8
VMScore: 0

Vulnerability Summary

A vulnerability in Cisco BroadWorks could allow an authenticated, local malicious user to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the malicious user to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.

Vulnerable Product

cisco broadworks application delivery platform firmware 23.0

cisco broadworks application delivery platform firmware 24.0

cisco broadworks application delivery platform firmware 25.0

cisco broadworks application server firmware 23.0

cisco broadworks application server firmware 24.0

cisco broadworks application server firmware 25.0

cisco broadworks database server firmware 23.0

cisco broadworks database server firmware 24.0

cisco broadworks database server firmware 25.0

cisco broadworks database troubleshooting server firmware 23.0

cisco broadworks database troubleshooting server firmware 24.0

cisco broadworks database troubleshooting server firmware 25.0

cisco broadworks execution server firmware 23.0

cisco broadworks execution server firmware 24.0

cisco broadworks execution server firmware 25.0

cisco broadworks media server firmware 23.0

cisco broadworks media server firmware 24.0

cisco broadworks media server firmware 25.0

cisco broadworks messaging server firmware 23.0

cisco broadworks messaging server firmware 24.0

cisco broadworks messaging server firmware 25.0

cisco broadworks network database server firmware 23.0

cisco broadworks network database server firmware 24.0

cisco broadworks network database server firmware 25.0

cisco broadworks network function manager firmware 23.0

cisco broadworks network function manager firmware 24.0

cisco broadworks network function manager firmware 25.0

cisco broadworks network server firmware 23.0

cisco broadworks network server firmware 24.0

cisco broadworks network server firmware 25.0

cisco broadworks profile server firmware 23.0

cisco broadworks profile server firmware 24.0

cisco broadworks profile server firmware 25.0

cisco broadworks service control function server firmware 23.0

cisco broadworks service control function server firmware 24.0

cisco broadworks service control function server firmware 25.0

cisco broadworks sharing server firmware 23.0

cisco broadworks sharing server firmware 24.0

cisco broadworks sharing server firmware 25.0

cisco broadworks video server firmware 23.0

cisco broadworks video server firmware 24.0

cisco broadworks video server firmware 25.0

cisco broadworks webrtc server firmware 23.0

cisco broadworks webrtc server firmware 24.0

cisco broadworks webrtc server firmware 25.0

cisco broadworks xtended services platform firmware 23.0

cisco broadworks xtended services platform firmware 24.0

cisco broadworks xtended services platform firmware 25.0

Vendor Advisories

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit c ...