Common Weakness Enumeration

CWE-27

Allowed

Path Traversal: 'dir/../../filename'

Abstraction: Variant · Status: Draft

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize multiple internal "../" sequences that can resolve to a location that is outside of that directory.

37 vulnerabilities reference this CWE, most recent first.

CVE-2024-7458 (GCVE-0-2024-7458)

Vulnerability from cvelistv5 – Published: 2024-08-04 22:00 – Updated: 2024-08-05 14:55
VLAI
Title
elunez eladmin Database Management/Deployment Management upload path traversal
Summary
A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: 'dir/../../filename'. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
Assigner
References
URL Tags
https://vuldb.com/?id.273551 vdb-entrytechnical-description
https://vuldb.com/?ctiid.273551 signaturepermissions-required
https://vuldb.com/?submit.380498 third-party-advisory
https://github.com/elunez/eladmin/issues/851 exploitissue-tracking
Impacted products
Vendor Product Version
elunez eladmin Affected: 2.0
Affected: 2.1
Affected: 2.2
Affected: 2.3
Affected: 2.4
Affected: 2.5
Affected: 2.6
Affected: 2.7
Create a notification for this product.
elunez eladmin Affected: 2.0
Affected: 2.1
Affected: 2.2
Affected: 2.3
Affected: 2.4
Affected: 2.5
Affected: 2.6
Affected: 2.7
    cpe:2.3:a:elunez:eladmin:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
nerowander (VulDB User) nerowander (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:elunez:eladmin:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "eladmin",
            "vendor": "elunez",
            "versions": [
              {
                "status": "affected",
                "version": "2.0"
              },
              {
                "status": "affected",
                "version": "2.1"
              },
              {
                "status": "affected",
                "version": "2.2"
              },
              {
                "status": "affected",
                "version": "2.3"
              },
              {
                "status": "affected",
                "version": "2.4"
              },
              {
                "status": "affected",
                "version": "2.5"
              },
              {
                "status": "affected",
                "version": "2.6"
              },
              {
                "status": "affected",
                "version": "2.7"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7458",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-05T14:50:36.972913Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:55:41.487Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Database Management/Deployment Management"
          ],
          "product": "eladmin",
          "vendor": "elunez",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            },
            {
              "status": "affected",
              "version": "2.1"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.3"
            },
            {
              "status": "affected",
              "version": "2.4"
            },
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.6"
            },
            {
              "status": "affected",
              "version": "2.7"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "nerowander (VulDB User)"
        },
        {
          "lang": "en",
          "type": "analyst",
          "value": "nerowander (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in elunez eladmin up to 2.7 and classified as critical. This issue affects some unknown processing of the file /api/deploy/upload /api/database/upload of the component Database Management/Deployment Management. The manipulation of the argument file leads to path traversal: \u0027dir/../../filename\u0027. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273551."
        },
        {
          "lang": "de",
          "value": "Eine kritische Schwachstelle wurde in elunez eladmin bis 2.7 gefunden. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /api/deploy/upload /api/database/upload der Komponente Database Management/Deployment Management. Durch die Manipulation des Arguments file mit unbekannten Daten kann eine path traversal: \u0027dir/../../filename\u0027-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5.2,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27 Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-04T22:00:07.342Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-273551 | elunez eladmin Database Management/Deployment Management upload path traversal",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.273551"
        },
        {
          "name": "VDB-273551 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.273551"
        },
        {
          "name": "Submit #380498 | elunez eladmin \u003c=v2.7 Path Traversal: \u0027dir/../../filename\u0027",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.380498"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/elunez/eladmin/issues/851"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-08-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-08-04T10:09:45.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "elunez eladmin Database Management/Deployment Management upload path traversal"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-7458",
    "datePublished": "2024-08-04T22:00:07.342Z",
    "dateReserved": "2024-08-04T06:10:07.911Z",
    "dateUpdated": "2024-08-05T14:55:41.487Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52076 (GCVE-0-2023-52076)

Vulnerability from cvelistv5 – Published: 2024-01-25 15:30 – Updated: 2025-06-17 21:19
VLAI
Title
Remote Code Execution Vulnerability in Atril's EPUB ebook parsing
Summary
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn't stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability.
SSVC
Exploitation: poc Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-24 - Path Traversal: '../filedir'
  • CWE-25 - Path Traversal: '/../filedir'
  • CWE-27 - Path Traversal: 'dir/../../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
mate-desktop atril Affected: < 1.26.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:48:12.177Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37"
          },
          {
            "name": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50"
          },
          {
            "name": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52076",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-25T20:55:51.876073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-17T21:19:29.316Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "atril",
          "vendor": "mate-desktop",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.26.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the user opening a crafted document has access. The only limitation is that this vulnerability cannot be exploited to overwrite existing files, but that doesn\u0027t stop an attacker from achieving Remote Command Execution on the target system. Version 1.26.2 of Atril contains a patch for this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-24",
              "description": "CWE-24: Path Traversal: \u0027../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-25",
              "description": "CWE-25: Path Traversal: \u0027/../filedir\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-15T04:06:07.161Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mate-desktop/atril/security/advisories/GHSA-6mf6-mxpc-jc37"
        },
        {
          "name": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mate-desktop/atril/commit/e70b21c815418a1e6ebedf6d8d31b8477c03ba50"
        },
        {
          "name": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mate-desktop/atril/releases/tag/v1.26.2"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00003.html"
        }
      ],
      "source": {
        "advisory": "GHSA-6mf6-mxpc-jc37",
        "discovery": "UNKNOWN"
      },
      "title": "Remote Code Execution Vulnerability in Atril\u0027s EPUB ebook parsing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-52076",
    "datePublished": "2024-01-25T15:30:12.398Z",
    "dateReserved": "2023-12-26T12:53:20.670Z",
    "dateUpdated": "2025-06-17T21:19:29.316Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-50254 (GCVE-0-2023-50254)

Vulnerability from cvelistv5 – Published: 2023-12-22 16:49 – Updated: 2024-08-02 22:16
VLAI
Title
Deepin Reader RCE vulnerability due to a design flaw
Summary
Deepin Linux's default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue.
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:16:46.096Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"
          },
          {
            "name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"
          },
          {
            "name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "developer-center",
          "vendor": "linuxdeepin",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 6.0.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Deepin Linux\u0027s default document reader `deepin-reader` software suffers from a serious vulnerability in versions prior to 6.0.7 due to a design flaw that leads to remote command execution via crafted docx document. This is a file overwrite vulnerability. Remote code execution (RCE) can be achieved by overwriting files like .bash_rc, .bash_login, etc. RCE will be triggered when the user opens the terminal. Version 6.0.7 contains a patch for the issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-22T16:49:48.977Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/linuxdeepin/developer-center/security/advisories/GHSA-q9jr-726g-9495"
        },
        {
          "name": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linuxdeepin/deepin-reader/commit/4db7a079fb7bd77257b1b9208a7ab26aade8fe04"
        },
        {
          "name": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/linuxdeepin/deepin-reader/commit/c192fd20a2fe4003e0581c3164489a89e06420c6"
        }
      ],
      "source": {
        "advisory": "GHSA-q9jr-726g-9495",
        "discovery": "UNKNOWN"
      },
      "title": "Deepin Reader RCE vulnerability due to a design flaw"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-50254",
    "datePublished": "2023-12-22T16:49:48.977Z",
    "dateReserved": "2023-12-05T20:42:59.378Z",
    "dateUpdated": "2024-08-02T22:16:46.096Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-34125 (GCVE-0-2023-34125)

Vulnerability from cvelistv5 – Published: 2023-07-13 00:21 – Updated: 2024-11-05 15:34
VLAI
Summary
Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.
Severity
No CVSS data available.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
Assigner
Impacted products
Vendor Product Version
SonicWall GMS Affected: 9.3.2-SP1 and earlier versions
Create a notification for this product.
SonicWall Analytics Affected: 2.5.0.4-R7 and earlier versions
Create a notification for this product.
Date Public
2023-07-13 00:19
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:01:54.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
          },
          {
            "tags": [
              "related",
              "x_transferred"
            ],
            "url": "https://www.sonicwall.com/support/notices/230710150218060"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-34125",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-05T15:34:38.926559Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T15:34:52.319Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "GMS",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "9.3.2-SP1 and earlier versions"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Analytics",
          "vendor": "SonicWall",
          "versions": [
            {
              "status": "affected",
              "version": "2.5.0.4-R7 and earlier versions"
            }
          ]
        }
      ],
      "datePublic": "2023-07-13T00:19:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\u003cp\u003e\u003c/p\u003e"
            }
          ],
          "value": "Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\n"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27 Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-13T00:21:21.095Z",
        "orgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
        "shortName": "sonicwall"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.sonicwall.com/support/notices/230710150218060"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44b2ff79-1416-4492-88bb-ed0da00c7315",
    "assignerShortName": "sonicwall",
    "cveId": "CVE-2023-34125",
    "datePublished": "2023-07-13T00:21:21.095Z",
    "dateReserved": "2023-05-25T22:45:46.851Z",
    "dateUpdated": "2024-11-05T15:34:52.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-27588 (GCVE-0-2023-27588)

Vulnerability from cvelistv5 – Published: 2023-03-14 17:23 – Updated: 2025-02-25 14:57
VLAI
Title
Unauthenticated path traversal vulnerability in Hasura GraphQL Engine
Summary
Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
  • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
Impacted products
Vendor Product Version
hasura graphql-engine Affected: < 1.3.4
Affected: >= 2.0.0, < 2.11.5
Affected: >= 2.2.0, < 2.20.1
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:16:35.882Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1"
          },
          {
            "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-27588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:31:06.675110Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T14:57:42.725Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "graphql-engine",
          "vendor": "hasura",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.3.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.11.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.20.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Hasura is an open-source product that provides users GraphQL or REST APIs. A path traversal vulnerability has been discovered within Hasura GraphQL Engine prior to versions 1.3.4, 2.55.1, 2.20.1, and 2.21.0-beta1. Projects running on Hasura Cloud were not vulnerable. Self-hosted Hasura Projects with deployments that are publicly exposed and not protected by a WAF or other HTTP protection layer should be upgraded to version 1.3.4, 2.55.1, 2.20.1, or 2.21.0-beta1 to receive a patch."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27: Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-14T17:23:10.499Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/hasura/graphql-engine/security/advisories/GHSA-c9rw-rw2f-mj4x"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/commit/dda54543ee1ecf647ca5d0971b140c3a7b9f4158"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v1.3.4"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.11.5"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.20.1"
        },
        {
          "name": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/hasura/graphql-engine/releases/tag/v2.21.0-beta.1"
        }
      ],
      "source": {
        "advisory": "GHSA-c9rw-rw2f-mj4x",
        "discovery": "UNKNOWN"
      },
      "title": "Unauthenticated path traversal vulnerability in Hasura GraphQL Engine"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-27588",
    "datePublished": "2023-03-14T17:23:10.499Z",
    "dateReserved": "2023-03-04T01:03:53.635Z",
    "dateUpdated": "2025-02-25T14:57:42.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20131 (GCVE-0-2023-20131)

Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2024-10-25 16:00
VLAI
Title
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Date Public
2023-04-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:36.045Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20131",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:17.326729Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:00:51.219Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20131",
    "datePublished": "2023-04-05T00:00:00.000Z",
    "dateReserved": "2022-10-27T00:00:00.000Z",
    "dateUpdated": "2024-10-25T16:00:51.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20130 (GCVE-0-2023-20130)

Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2024-10-25 16:01
VLAI
Title
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Date Public
2023-04-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20130",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:23.838355Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:01:07.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20130",
    "datePublished": "2023-04-05T00:00:00.000Z",
    "dateReserved": "2022-10-27T00:00:00.000Z",
    "dateUpdated": "2024-10-25T16:01:07.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20129 (GCVE-0-2023-20129)

Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2024-10-25 16:01
VLAI
Title
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Date Public
2023-04-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:30.474321Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:01:15.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20129",
    "datePublished": "2023-04-05T00:00:00.000Z",
    "dateReserved": "2022-10-27T00:00:00.000Z",
    "dateUpdated": "2024-10-25T16:01:15.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20127 (GCVE-0-2023-20127)

Vulnerability from cvelistv5 – Published: 2023-04-05 00:00 – Updated: 2024-10-25 16:01
VLAI
Title
Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities
Summary
Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Date Public
2023-04-05 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20127",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:35:37.618528Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:01:24.242Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Prime Infrastructure",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-04-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "CWE-27",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-05T00:00:00.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230405 Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-eRPWAXLe"
        }
      ],
      "source": {
        "advisory": "cisco-sa-pi-epnm-eRPWAXLe",
        "defect": [
          [
            "CSCwc25461",
            "CSCwc51948",
            "CSCwc76734",
            "CSCwd28312",
            "CSCwd69561"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20127",
    "datePublished": "2023-04-05T00:00:00.000Z",
    "dateReserved": "2022-10-27T00:00:00.000Z",
    "dateUpdated": "2024-10-25T16:01:24.242Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20090 (GCVE-0-2023-20090)

Vulnerability from cvelistv5 – Published: 2024-11-15 15:19 – Updated: 2024-11-15 17:15
VLAI
Title
Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability
Summary
A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root. Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-27 - Path Traversal: 'dir/../../filename'
Assigner
Impacted products
Vendor Product Version
Cisco Cisco RoomOS Software Affected: N/A
Create a notification for this product.
Cisco Cisco TelePresence Endpoint Software (TC/CE) Affected: CE9.10.2
Affected: CE9.1.4
Affected: CE9.9.3
Affected: CE9.10.3
Affected: CE9.1.5
Affected: CE9.2.4
Affected: CE9.10.1
Affected: CE9.13.0
Affected: CE9.1.2
Affected: CE9.1.1
Affected: CE9.9.4
Affected: CE9.2.1
Affected: CE9.1.3
Affected: CE9.0.1
Affected: CE9.1.6
Affected: CE9.12.4
Affected: CE9.2.2
Affected: CE9.12.3
Affected: CE9.2.3
Affected: CE9.13.1
Affected: CE9.14.3
Affected: CE9.14.4
Affected: CE9.13.2
Affected: CE9.12.5
Affected: CE9.14.5
Affected: CE9.15.0.10
Affected: CE9.15.0.11
Affected: CE9.13.3
Affected: CE9.15.0.13
Affected: CE9.14.6
Affected: CE9.15.3.17
Affected: CE9.14.7
Affected: CE9.15.0.19
Affected: CE9.15.3.19
Affected: CE9.15.3.18
Affected: CE9.15.3.22
Affected: CE9.15.8.12
Affected: CE9.15.10.8
Affected: CE9.15.3.26
Affected: CE9.15.3.25
Affected: CE9.15.13.0
Affected: CE9.15.15.4
Affected: CE9.15.16.5
Create a notification for this product.
cisco telepresence_collaboration_endpoint Affected: 9.0.1
Affected: 9.10.1
Affected: 9.10.2
Affected: 9.10.3
Affected: 9.1.1
Affected: 9.1.2
Affected: 9.12.3
Affected: 9.12.4
Affected: 9.12.5
Affected: 9.1.3
Affected: 9.13.0
Affected: 9.13.1
Affected: 9.13.2
Affected: 9.13.3
Affected: 9.1.4
Affected: 9.14.3
Affected: 9.14.4
Affected: 9.14.5
Affected: 9.14.6
Affected: 9.1.5
Affected: 9.15.0.10
Affected: 9.15.0.11
Affected: 9.15.13.0
Affected: 9.15.8.12
Affected: 9.1.6
Affected: 9.2.1
Affected: 9.2.2
Affected: 9.2.3
Affected: 9.2.4
Affected: 9.9.3
Affected: 9.9.4
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*
Create a notification for this product.
cisco telepresence_collaboration_endpoint Affected: 9.15.0.19
Affected: 9.15.10.8
Affected: 9.15.13.0
Affected: 9.15.15.4
Affected: 9.15.16.5
Affected: 9.15.3.18
Affected: 9.15.3.19
Affected: 9.15.3.22
Affected: 9.15.3.25
Affected: 9.15.3.26
Affected: 9.15.8.12
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.0.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.10.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.12.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.13.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.14.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.10:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.11:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.1.6:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.1:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.2:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.2.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.3:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.9.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_collaboration_endpoint",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.0.1"
              },
              {
                "status": "affected",
                "version": "9.10.1"
              },
              {
                "status": "affected",
                "version": "9.10.2"
              },
              {
                "status": "affected",
                "version": "9.10.3"
              },
              {
                "status": "affected",
                "version": "9.1.1"
              },
              {
                "status": "affected",
                "version": "9.1.2"
              },
              {
                "status": "affected",
                "version": "9.12.3"
              },
              {
                "status": "affected",
                "version": "9.12.4"
              },
              {
                "status": "affected",
                "version": "9.12.5"
              },
              {
                "status": "affected",
                "version": "9.1.3"
              },
              {
                "status": "affected",
                "version": "9.13.0"
              },
              {
                "status": "affected",
                "version": "9.13.1"
              },
              {
                "status": "affected",
                "version": "9.13.2"
              },
              {
                "status": "affected",
                "version": "9.13.3"
              },
              {
                "status": "affected",
                "version": "9.1.4"
              },
              {
                "status": "affected",
                "version": "9.14.3"
              },
              {
                "status": "affected",
                "version": "9.14.4"
              },
              {
                "status": "affected",
                "version": "9.14.5"
              },
              {
                "status": "affected",
                "version": "9.14.6"
              },
              {
                "status": "affected",
                "version": "9.1.5"
              },
              {
                "status": "affected",
                "version": "9.15.0.10"
              },
              {
                "status": "affected",
                "version": "9.15.0.11"
              },
              {
                "status": "affected",
                "version": "9.15.13.0"
              },
              {
                "status": "affected",
                "version": "9.15.8.12"
              },
              {
                "status": "affected",
                "version": "9.1.6"
              },
              {
                "status": "affected",
                "version": "9.2.1"
              },
              {
                "status": "affected",
                "version": "9.2.2"
              },
              {
                "status": "affected",
                "version": "9.2.3"
              },
              {
                "status": "affected",
                "version": "9.2.4"
              },
              {
                "status": "affected",
                "version": "9.9.3"
              },
              {
                "status": "affected",
                "version": "9.9.4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.0.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.10.8:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.13.0:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.15.4:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.16.5:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.18:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.19:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.22:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.25:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.3.26:*:*:*:*:*:*:*",
              "cpe:2.3:a:cisco:telepresence_collaboration_endpoint:9.15.8.12:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "telepresence_collaboration_endpoint",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "9.15.0.19"
              },
              {
                "status": "affected",
                "version": "9.15.10.8"
              },
              {
                "status": "affected",
                "version": "9.15.13.0"
              },
              {
                "status": "affected",
                "version": "9.15.15.4"
              },
              {
                "status": "affected",
                "version": "9.15.16.5"
              },
              {
                "status": "affected",
                "version": "9.15.3.18"
              },
              {
                "status": "affected",
                "version": "9.15.3.19"
              },
              {
                "status": "affected",
                "version": "9.15.3.22"
              },
              {
                "status": "affected",
                "version": "9.15.3.25"
              },
              {
                "status": "affected",
                "version": "9.15.3.26"
              },
              {
                "status": "affected",
                "version": "9.15.8.12"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20090",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:49:25.857316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:15:43.778Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco RoomOS Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "N/A"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Cisco TelePresence Endpoint Software (TC/CE)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "CE9.10.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.4"
            },
            {
              "status": "affected",
              "version": "CE9.9.3"
            },
            {
              "status": "affected",
              "version": "CE9.10.3"
            },
            {
              "status": "affected",
              "version": "CE9.1.5"
            },
            {
              "status": "affected",
              "version": "CE9.2.4"
            },
            {
              "status": "affected",
              "version": "CE9.10.1"
            },
            {
              "status": "affected",
              "version": "CE9.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.1.2"
            },
            {
              "status": "affected",
              "version": "CE9.1.1"
            },
            {
              "status": "affected",
              "version": "CE9.9.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.3"
            },
            {
              "status": "affected",
              "version": "CE9.0.1"
            },
            {
              "status": "affected",
              "version": "CE9.1.6"
            },
            {
              "status": "affected",
              "version": "CE9.12.4"
            },
            {
              "status": "affected",
              "version": "CE9.2.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.3"
            },
            {
              "status": "affected",
              "version": "CE9.2.3"
            },
            {
              "status": "affected",
              "version": "CE9.13.1"
            },
            {
              "status": "affected",
              "version": "CE9.14.3"
            },
            {
              "status": "affected",
              "version": "CE9.14.4"
            },
            {
              "status": "affected",
              "version": "CE9.13.2"
            },
            {
              "status": "affected",
              "version": "CE9.12.5"
            },
            {
              "status": "affected",
              "version": "CE9.14.5"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.10"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.11"
            },
            {
              "status": "affected",
              "version": "CE9.13.3"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.13"
            },
            {
              "status": "affected",
              "version": "CE9.14.6"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.17"
            },
            {
              "status": "affected",
              "version": "CE9.14.7"
            },
            {
              "status": "affected",
              "version": "CE9.15.0.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.19"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.18"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.22"
            },
            {
              "status": "affected",
              "version": "CE9.15.8.12"
            },
            {
              "status": "affected",
              "version": "CE9.15.10.8"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.26"
            },
            {
              "status": "affected",
              "version": "CE9.15.3.25"
            },
            {
              "status": "affected",
              "version": "CE9.15.13.0"
            },
            {
              "status": "affected",
              "version": "CE9.15.15.4"
            },
            {
              "status": "affected",
              "version": "CE9.15.16.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco\u0026nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-27",
              "description": "Path Traversal: \u0027dir/../../filename\u0027",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T15:19:09.891Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-roomos-file-write-rHKwegKf",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf"
        }
      ],
      "source": {
        "advisory": "cisco-sa-roomos-file-write-rHKwegKf",
        "defects": [
          "CSCwc85883"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20090",
    "datePublished": "2024-11-15T15:19:09.891Z",
    "dateReserved": "2022-10-27T18:47:50.335Z",
    "dateUpdated": "2024-11-15T17:15:43.778Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-5.1
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
  • When validating filenames, use stringent allowlists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36. Use a list of allowable file extensions, which will help to avoid CWE-434.
  • Do not rely exclusively on a filtering mechanism that removes potentially dangerous characters. This is equivalent to a denylist, which may be incomplete (CWE-184). For example, filtering "/" is insufficient protection if the filesystem also supports the use of "\" as a directory separator. Another possible error could occur when the filtering is applied in a way that still produces dangerous data (CWE-182). For example, if "../" sequences are removed from the ".../...//" string in a sequential fashion, two instances of "../" would be removed from the original string, but the remaining characters would still form the "../" string.
Mitigation MIT-20
Implementation

Strategy: Input Validation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

No CAPEC attack patterns related to this CWE.