Cisco recently addressed a highly severe vulnerability in one of its products.
Cisco recently released an advisory detailing a critical command injection flaw found in their Industrial Network Director. The vulnerability has been identified as CVE-2023-20036, with a CVSS score of 9.9.
CVE-2023-20036 In Detail
This vulnerability resides in the web UI component and can be exploited if an attacker is able to bypass input validation when uploading a Device Pack. If successful, the attacker can gain NT AUTHORITY\SYSTEM privileges on the underlying operating system.
Cisco also addressed a medium-severity file permissions vulnerability (CVE-2023-20039, CVSS score: 5.5) which an authenticated, local attacker can use to view sensitive information.
There are no workarounds for either of the vulnerabilities. No public announcements about malicious use of the vulnerabilities have been made known to the Cisco PSIRT.
What Is Cisco PSIRT?
The Cisco Product Security Incident Response Team (PSIRT) is a specialized, worldwide group that obtains, examines, and openly discloses security vulnerability data concerning Cisco products and networks.
PSIRT evaluates all reports of vulnerabilities, regardless of the version of the software, up until the day the product’s support ends.
PSIRT prioritization is based on the severity of the vulnerability and any other relevant considerations. Ultimately, resolving an incident may require the use of products that are still supported by Cisco.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: