Privilege Escalation Vulnerability in Cisco Prime Infrastructure & Cisco Evolved Programmable Network Manager
CVE-2023-20260

6 MEDIUM

Key Information:

Badges

👾 Exploit Exists

Summary

A vulnerability in the application command line interface (CLI) of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager permits an authenticated, local attacker to escalate privileges. The issue arises from improper handling of command line arguments supplied to application scripts. By executing specific commands on the CLI with crafted options, an attacker could exploit this vulnerability to obtain elevated privileges akin to those of the root user on the underlying operating system, compromising the security and integrity of the affected systems.

Affected Version(s)

Cisco Evolved Programmable Network Manager (EPNM) 1.2.6

Cisco Evolved Programmable Network Manager (EPNM) 1.2.2

Cisco Evolved Programmable Network Manager (EPNM) 1.2.3

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database