fkie_cve-2023-20210
Vulnerability from fkie_nvd
Published
2023-07-12 14:15
Modified
2024-11-21 07:40
Severity ?
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
References
psirt@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXWVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXWVendor Advisory
Impacted products
Vendor Product Version
cisco broadworks_application_delivery_platform_firmware 23.0
cisco broadworks_application_delivery_platform_firmware 24.0
cisco broadworks_application_delivery_platform_firmware 25.0
cisco broadworks_application_delivery_platform -
cisco broadworks_application_server_firmware 23.0
cisco broadworks_application_server_firmware 24.0
cisco broadworks_application_server_firmware 25.0
cisco broadworks_application_server -
cisco broadworks_database_server_firmware 23.0
cisco broadworks_database_server_firmware 24.0
cisco broadworks_database_server_firmware 25.0
cisco broadworks_database_server -
cisco broadworks_database_troubleshooting_server_firmware 23.0
cisco broadworks_database_troubleshooting_server_firmware 24.0
cisco broadworks_database_troubleshooting_server_firmware 25.0
cisco broadworks_database_troubleshooting_server -
cisco broadworks_execution_server_firmware 23.0
cisco broadworks_execution_server_firmware 24.0
cisco broadworks_execution_server_firmware 25.0
cisco broadworks_execution_server -
cisco broadworks_media_server_firmware 23.0
cisco broadworks_media_server_firmware 24.0
cisco broadworks_media_server_firmware 25.0
cisco broadworks_media_server -
cisco broadworks_messaging_server_firmware 23.0
cisco broadworks_messaging_server_firmware 24.0
cisco broadworks_messaging_server_firmware 25.0
cisco broadworks_messaging_server -
cisco broadworks_network_database_server_firmware 23.0
cisco broadworks_network_database_server_firmware 24.0
cisco broadworks_network_database_server_firmware 25.0
cisco broadworks_network_database_server -
cisco broadworks_network_function_manager_firmware 23.0
cisco broadworks_network_function_manager_firmware 24.0
cisco broadworks_network_function_manager_firmware 25.0
cisco broadworks_network_function_manager -
cisco broadworks_network_server_firmware 23.0
cisco broadworks_network_server_firmware 24.0
cisco broadworks_network_server_firmware 25.0
cisco broadworks_network_server -
cisco broadworks_profile_server_firmware 23.0
cisco broadworks_profile_server_firmware 24.0
cisco broadworks_profile_server_firmware 25.0
cisco broadworks_profile_server -
cisco broadworks_service_control_function_server_firmware 23.0
cisco broadworks_service_control_function_server_firmware 24.0
cisco broadworks_service_control_function_server_firmware 25.0
cisco broadworks_service_control_function_server -
cisco broadworks_sharing_server_firmware 23.0
cisco broadworks_sharing_server_firmware 24.0
cisco broadworks_sharing_server_firmware 25.0
cisco broadworks_sharing_server -
cisco broadworks_video_server_firmware 23.0
cisco broadworks_video_server_firmware 24.0
cisco broadworks_video_server_firmware 25.0
cisco broadworks_video_server -
cisco broadworks_webrtc_server_firmware 23.0
cisco broadworks_webrtc_server_firmware 24.0
cisco broadworks_webrtc_server_firmware 25.0
cisco broadworks_webrtc_server -
cisco broadworks_xtended_services_platform_firmware 23.0
cisco broadworks_xtended_services_platform_firmware 24.0
cisco broadworks_xtended_services_platform_firmware 25.0
cisco broadworks_xtended_services_platform -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CDF6D51-FF53-4F81-9609-9ADC2F9B4E9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F2C7C8D-4A8F-47F8-BD52-02B9381BA452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BADCEEA-9E45-4B49-8234-A874D5C47E21",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_application_delivery_platform:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "17CDB68D-72F2-4A67-969D-AB093F4B2527",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2CCE1A7-DD95-45FA-B82D-7E7681131447",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "595D1BB0-8545-444B-8CB3-92A1BC646437",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_application_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD6DF734-B36E-4CAC-A9B0-0829CE88CF7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_application_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE31A7A6-45A7-44BC-A9EE-A193BB15AA1C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF31D4CA-E2C3-4FC9-BA71-DB50644D0158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "358A3B7C-77FB-42BC-BA51-D936CA36E52D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC28F823-06DC-4BE4-89E8-0D76A01472E9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_database_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30CB65C5-E160-4459-B16B-78FD71FFE549",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8566E4D-47F0-4B3C-BB39-67C5D57A292B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3C82E9E-9B6B-4B9A-B5C3-020352AC2D76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74A40E6E-FE9F-412D-88FD-90AEDE55AAB7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_database_troubleshooting_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "313B4B45-666C-48F1-ABAE-056247C5BFD0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_execution_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "720FC8C3-3222-4FAC-B052-3C11E70E4CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_execution_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE3994FF-091A-487A-A85E-597797185937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_execution_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF5375C4-D15C-49B8-8833-BDDABA76804E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_execution_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE222212-E176-444E-89E8-00B506CE648B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_media_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EAB828D-E0BE-44E9-A659-EB1D0807401A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_media_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "983911BD-E602-4ED2-AE47-27F059F66A08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_media_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AF181A6-5A46-426C-9C8A-C445A47E3D66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_media_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E47499AE-1115-48A3-B48C-9064C60FAB70",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_messaging_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59D5FC69-B787-4263-AE14-02307B9539CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_messaging_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA89033-CABE-4DB3-8B42-63889ABBE11E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_messaging_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC9E9FF-0DC8-4437-8578-0FDA55F93A7E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_messaging_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CB7EDC-291B-49AC-B0BF-B13833D503FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_database_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E98249C-02C4-43ED-8314-4A9B73A4F349",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_database_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C1560DD-2523-4BA1-AAA6-7DD1232743ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_database_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6400EF54-92D4-4CC4-86D3-05983E279BB9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_network_database_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0338AF8-F431-4DFD-871E-77FD5A8BC0C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED75C3C-3D16-4756-8E67-D74F49659BEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D167D62-1392-4D01-8818-74F2B47656FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A17B1382-7070-42C4-B42D-B8DA04847EFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_network_function_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE40758F-56F2-4C7E-B614-2B2DDEFDE03F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28898C00-203A-4309-B7C3-E61A06AA82AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "75AE58C6-46B7-4C40-8C3B-460E5C7D1BFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_network_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBB178D9-1775-4CFB-B246-D996C0A5BD8E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_network_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2462A0CA-3112-431D-A1D8-F40D99824ED6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_profile_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E035554A-5B8B-458A-9B61-4DCC854B5BEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_profile_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C76642D-5125-434F-B835-3F2FCA1ADD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_profile_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC59FF23-541E-4496-86C0-3F7770CE8601",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_profile_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68B2B0ED-0A3C-42FA-9532-E375D6979435",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C2F1BB8-563F-4E3C-8C19-B3C2CA5D6A3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A68B5DAD-4881-4ACC-8829-8856F8C360AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0DB64E9-AFF7-4176-8DA5-5D5A56A1B4BC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_service_control_function_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "48FDE907-B2EC-4390-96C9-0C0E2A1A17D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_sharing_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FBD60F-05F8-427E-8DA6-A9AB498F44BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_sharing_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EF12A5-11D1-4B35-ACD2-B353F347AD03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_sharing_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00B75518-3D13-47CA-927D-12D813246128",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_sharing_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EA9EFCC-0F1A-4867-9DE9-7A01FB880701",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_video_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8E60AFC-0658-46E4-AE54-8D588CD0EC34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_video_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA8472C8-F0E9-46A1-A617-637800F00F69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_video_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B1BA21-2859-4942-9EF9-A5E2D15B85DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_video_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8470F28E-49FC-4C95-BE9A-2F54E8AA2DFB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "444BA319-2679-4342-98B0-C6E14B1C1F0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC2345B0-08A4-4EA4-8952-9C53C1A83B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95D5D2F-5470-4F12-8838-B2024307D3FA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_webrtc_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "481B20C2-65AE-4A03-9CB2-0AA74978C85A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1DC218C-B490-4163-81C4-A693E3DD8ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:24.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "18324056-77F4-43A2-B5D2-BCD414E7D907",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12070486-7EC8-4103-A1A2-F6FD1A79DCE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:broadworks_xtended_services_platform:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4400D87-8862-421C-BAF4-E2481ACEDE4D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.\r\n\r The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device."
    }
  ],
  "id": "CVE-2023-20210",
  "lastModified": "2024-11-21T07:40:51.007",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-07-12T14:15:09.873",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-250"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.