Cisco Security Advisory - Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities

Started by Netwörkheäd, April 10, 2023, 06:00:43 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Netwörkheäd

April 10, 2023, 06:00:43 AM
Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system.


For more information about these vulnerabilities, see the Details section of this advisory. 


Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.


This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-adeos-MLAyEcvk


     
         
Security Impact Rating:  High
   
   
       
CVE: CVE-2023-20121,CVE-2023-20122
Source: Cisco Evolved Programmable Network Manager, Cisco Identity Services Engine, and Cisco Prime Infrastructure Command Injection Vulnerabilities
Let's not argue. Let's network!
Print
Go Up Pages1
User actions