CVE-2023-20237 — MEDIUM (4.3)

Q: How severe is CVE-2023-20237?

CVE-2023-20237 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-20237?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Intersight Virtual Appliance, Cisco Intersight Assist, Cisco Intersight Connected Virtual Appliance, Cisco Intersight Private Virtual Appliance.

Vulnerability Description

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Intersight Virtual Appliance	< 1.0.9-589
Cisco	Intersight Assist	-
Cisco	Intersight Connected Virtual Appliance	-
Cisco	Intersight Private Virtual Appliance	-

Related Weaknesses (CWE)

CWE-284 CWE-77

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciPatchVendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciPatchVendor Advisory

FAQ

What is CVE-2023-20237?

CVE-2023-20237 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due t...

How severe is CVE-2023-20237?

CVE-2023-20237 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20237?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Intersight Virtual Appliance, Cisco Intersight Assist, Cisco Intersight Connected Virtual Appliance, Cisco Intersight Private Virtual Appliance.