CVE-2023-20075

6.7MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Secure Email
Vendor: CVE Published:; 1 March 2023

Summary

Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands.

These vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.

Affected Version(s)

Cisco Secure Email 13.0.0-392

Cisco Secure Email 13.5.1-277

Cisco Secure Email 12.5.0-066

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 1, 2023
Vulnerability Reserved
Oct 27, 2022