Cisco IND Vulnerability Could Allow Local Attacker to Read Sensitive Information
CVE-2023-20039

5.5 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 15 November 2024

Summary

A local vulnerability in Cisco Industrial Network Director (IND) is caused by inadequate default file permissions on the application data directory. This weakness lets authenticated users gain unauthorized access to sensitive files in that directory. By exploiting this flaw, an attacker may be able to view confidential information, which can lead to data breaches. Cisco has released software updates that address this vulnerability; no workaround is available. Users of Cisco IND are encouraged to apply the latest updates to protect their systems against exploitation.

Affected Version(s)

Cisco Industrial Network Director 1.3.1

Cisco Industrial Network Director 1.6.0

Cisco Industrial Network Director 1.7.0

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
