CVE-2023-20258

CVE Database · CVE-2023-20258

CVE-2023-20258

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.69%

Published

Jan 17, 2024

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Affected Products (4)

cisco · evolved_programmable_network_manager (up to 7.1.1)vulnerable

cisco · prime_infrastructure (up to 3.10.4)vulnerable

cisco · prime_infrastructurevulnerable

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs