1. Home
  2. CVE Database
  3. CVE-2023-20050
MEDIUM · 4.4

CVE-2023-20050

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerabili...

Vulnerability Description

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.

CVSS Score

4.4

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
CiscoNx-Os-
CiscoMds 9000-
CiscoMds 9100-
CiscoMds 9132T-
CiscoMds 9134-
CiscoMds 9140-
CiscoMds 9148-
CiscoMds 9148S-
CiscoMds 9148T-
CiscoMds 9200-
CiscoMds 9216-
CiscoMds 9216A-
CiscoMds 9216I-
CiscoMds 9222I-
CiscoMds 9250I-
CiscoMds 9396S-
CiscoMds 9396T-
CiscoMds 9500-
CiscoMds 9506-
CiscoMds 9509-

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2023-20050?

CVE-2023-20050 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerabili...

How severe is CVE-2023-20050?

CVE-2023-20050 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20050?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Mds 9000, Cisco Mds 9100, Cisco Mds 9132T, Cisco Mds 9134.