CVE-2023-20193 - Vulnerability Details - OpenCVE

A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Cisco	Identity Services Engine

Configuration 1 [-]

OR	cpe:2.3:a:cisco:identity_services_engine::::::::
	cpe:2.3:a:cisco:identity_services_engine::::::::

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw

History

Wed, 23 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-09-07T19:29:42.829Z

Updated: 2024-10-23T19:41:52.372Z

Reserved: 2022-10-27T18:47:50.365Z

Link: CVE-2023-20193

Vulnrichment

Updated: 2024-08-02T09:05:36.896Z

NVD

Status : Modified

Published: 2023-09-07T20:15:07.473

Modified: 2024-11-21T07:40:48.033

Link: CVE-2023-20193

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-20193", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.365Z", "datePublished": "2023-09-07T19:29:42.829Z", "dateUpdated": "2024-10-23T19:41:52.372Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:53.988Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec."}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"version": "2.6.0", "status": "affected"}, {"version": "2.6.0 p1", "status": "affected"}, {"version": "2.6.0 p2", "status": "affected"}, {"version": "2.6.0 p3", "status": "affected"}, {"version": "2.6.0 p5", "status": "affected"}, {"version": "2.6.0 p6", "status": "affected"}, {"version": "2.6.0 p7", "status": "affected"}, {"version": "2.6.0 p8", "status": "affected"}, {"version": "2.6.0 p9", "status": "affected"}, {"version": "2.6.0 p10", "status": "affected"}, {"version": "2.6.0 p11", "status": "affected"}, {"version": "2.6.0 p12", "status": "affected"}, {"version": "2.7.0", "status": "affected"}, {"version": "2.7.0 p1", "status": "affected"}, {"version": "2.7.0 p2", "status": "affected"}, {"version": "2.7.0 p3", "status": "affected"}, {"version": "2.7.0 p4", "status": "affected"}, {"version": "2.7.0 p5", "status": "affected"}, {"version": "2.7.0 p6", "status": "affected"}, {"version": "2.7.0 p7", "status": "affected"}, {"version": "2.7.0 p9", "status": "affected"}, {"version": "3.0.0", "status": "affected"}, {"version": "3.0.0 p1", "status": "affected"}, {"version": "3.0.0 p2", "status": "affected"}, {"version": "3.0.0 p3", "status": "affected"}, {"version": "3.0.0 p4", "status": "affected"}, {"version": "3.0.0 p5", "status": "affected"}, {"version": "3.0.0 p6", "status": "affected"}, {"version": "3.0.0 p7", "status": "affected"}, {"version": "3.1.0", "status": "affected"}, {"version": "3.1.0 p1", "status": "affected"}, {"version": "3.1.0 p3", "status": "affected"}, {"version": "3.1.0 p4", "status": "affected"}, {"version": "3.1.0 p5", "status": "affected"}, {"version": "3.1.0 p6", "status": "affected"}, {"version": "3.1.0 p7", "status": "affected"}, {"version": "3.2.0", "status": "affected"}, {"version": "3.2.0 p1", "status": "affected"}, {"version": "3.2.0 p2", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "type": "cwe", "cweId": "CWE-78"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw", "name": "cisco-sa-ise-priv-esc-KJLp2Aw"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "baseScore": 6, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "source": {"advisory": "cisco-sa-ise-priv-esc-KJLp2Aw", "discovery": "INTERNAL", "defects": ["CSCwd07348"]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.896Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw", "name": "cisco-sa-ise-priv-esc-KJLp2Aw", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-11T05:00:48.267490Z", "id": "CVE-2023-20193", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T19:41:52.372Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw", "name": "cisco-sa-ise-priv-esc-KJLp2Aw", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T09:05:36.896Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-20193", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-11T05:00:48.267490Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-23T18:58:45.597Z"}}], "cna": {"source": {"defects": ["CSCwd07348"], "advisory": "cisco-sa-ise-priv-esc-KJLp2Aw", "discovery": "INTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco Identity Services Engine Software", "versions": [{"status": "affected", "version": "2.6.0"}, {"status": "affected", "version": "2.6.0 p1"}, {"status": "affected", "version": "2.6.0 p2"}, {"status": "affected", "version": "2.6.0 p3"}, {"status": "affected", "version": "2.6.0 p5"}, {"status": "affected", "version": "2.6.0 p6"}, {"status": "affected", "version": "2.6.0 p7"}, {"status": "affected", "version": "2.6.0 p8"}, {"status": "affected", "version": "2.6.0 p9"}, {"status": "affected", "version": "2.6.0 p10"}, {"status": "affected", "version": "2.6.0 p11"}, {"status": "affected", "version": "2.6.0 p12"}, {"status": "affected", "version": "2.7.0"}, {"status": "affected", "version": "2.7.0 p1"}, {"status": "affected", "version": "2.7.0 p2"}, {"status": "affected", "version": "2.7.0 p3"}, {"status": "affected", "version": "2.7.0 p4"}, {"status": "affected", "version": "2.7.0 p5"}, {"status": "affected", "version": "2.7.0 p6"}, {"status": "affected", "version": "2.7.0 p7"}, {"status": "affected", "version": "2.7.0 p9"}, {"status": "affected", "version": "3.0.0"}, {"status": "affected", "version": "3.0.0 p1"}, {"status": "affected", "version": "3.0.0 p2"}, {"status": "affected", "version": "3.0.0 p3"}, {"status": "affected", "version": "3.0.0 p4"}, {"status": "affected", "version": "3.0.0 p5"}, {"status": "affected", "version": "3.0.0 p6"}, {"status": "affected", "version": "3.0.0 p7"}, {"status": "affected", "version": "3.1.0"}, {"status": "affected", "version": "3.1.0 p1"}, {"status": "affected", "version": "3.1.0 p3"}, {"status": "affected", "version": "3.1.0 p4"}, {"status": "affected", "version": "3.1.0 p5"}, {"status": "affected", "version": "3.1.0 p6"}, {"status": "affected", "version": "3.1.0 p7"}, {"status": "affected", "version": "3.2.0"}, {"status": "affected", "version": "3.2.0 p1"}, {"status": "affected", "version": "3.2.0 p2"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw", "name": "cisco-sa-ise-priv-esc-KJLp2Aw"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-78", "description": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:57:53.988Z"}}}, "cveMetadata": {"cveId": "CVE-2023-20193", "state": "PUBLISHED", "dateUpdated": "2024-10-23T19:41:52.372Z", "dateReserved": "2022-10-27T18:47:50.365Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2023-09-07T19:29:42.829Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDE2869D-6E9E-4717-A8D4-9E3204889F14", "versionEndIncluding": "2.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:identity_services_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "84794EC3-65B5-43C0-9A74-A6226756CFA6", "versionEndIncluding": "3.3", "versionStartIncluding": "3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec."}, {"lang": "es", "value": "Una vulnerabilidad en el router de servicio integrado (ESR) de Cisco ISE podr\u00eda permitir a un atacante local autenticado leer, escribir o eliminar archivos arbitrarios en el sistema operativo subyacente y escalar sus privilegios a root. Para explotar esta vulnerabilidad, un atacante debe tener privilegios v\u00e1lidos a nivel de administrador en el dispositivo afectado. Esta vulnerabilidad se debe a una gesti\u00f3n inadecuada de privilegios en la consola ESR. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud manipulada a un dispositivo afectado. Un ataque exitoso podr\u00eda permitir al atacante elevar sus privilegios a root y leer, escribir o borrar archivos arbitrarios del sistema operativo subyacente del dispositivo afectado. Nota: El ESR no est\u00e1 habilitado por defecto y debe tener licencia. Para comprobar el estado de la ESR en la GUI de administraci\u00f3n, seleccione Administraci\u00f3n > Configuraci\u00f3n > Protocolos > IPSec."}], "id": "CVE-2023-20193", "lastModified": "2024-11-21T07:40:48.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-07T20:15:07.473", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-priv-esc-KJLp2Aw"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}