Cisco IND Vulnerability Could Allow Local Attacker to Read Sensitive Information
CVE-2023-20039
5.5MEDIUM
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 15 November 2024
What is CVE-2023-20039?
A local vulnerability in Cisco IND is attributed to inadequate default file permissions assigned to the application data directory. This weakness permits authenticated users to gain unauthorized access to sensitive files contained within the directory. By exploiting this flaw, attackers may potentially view confidential information, leading to data breaches. Cisco has provided software updates to mitigate this security concern effectively, as no workaround is viable. Users of Cisco IND are encouraged to apply the latest updates to safeguard their systems against potential exploitation.
Affected Version(s)
Cisco Industrial Network Director 1.3.1
Cisco Industrial Network Director 1.6.0
Cisco Industrial Network Director 1.7.0