CVE-2023-20210

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW	Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-privesc-yw4ekrXW	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_application_delivery_platform_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_application_delivery_platform:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_application_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_application_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_application_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_application_server:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_database_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_database_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_database_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_database_server:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_database_troubleshooting_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_database_troubleshooting_server:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_execution_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_execution_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_execution_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_execution_server:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_media_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_media_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_media_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_media_server:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_messaging_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_messaging_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_messaging_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_messaging_server:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_network_database_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_network_database_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_network_database_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_network_database_server:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_network_function_manager_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_network_function_manager:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_network_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_network_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_network_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_network_server:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_profile_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_profile_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_profile_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_profile_server:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_service_control_function_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_service_control_function_server:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_sharing_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_sharing_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_sharing_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_sharing_server:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_video_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_video_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_video_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_video_server:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_webrtc_server_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_webrtc_server:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

OR	cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:23.0:::::::*
	cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:24.0:::::::*
	cpe:2.3:o:cisco:broadworks_xtended_services_platform_firmware:25.0:::::::*

cpe:2.3:h:cisco:broadworks_xtended_services_platform:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-07-12 14:15

Updated : 2024-11-21 07:40

NVD link : CVE-2023-20210

Mitre link : CVE-2023-20210

CVE.ORG link : CVE-2023-20210

JSON object : View

Products Affected

cisco

broadworks_video_server
broadworks_execution_server
broadworks_messaging_server
broadworks_application_delivery_platform
broadworks_service_control_function_server_firmware
broadworks_network_server_firmware
broadworks_network_function_manager_firmware
broadworks_media_server_firmware
broadworks_database_troubleshooting_server
broadworks_sharing_server_firmware
broadworks_application_server
broadworks_application_server_firmware
broadworks_profile_server
broadworks_application_delivery_platform_firmware
broadworks_media_server
broadworks_service_control_function_server
broadworks_network_function_manager
broadworks_network_database_server
broadworks_video_server_firmware
broadworks_sharing_server
broadworks_database_server_firmware
broadworks_xtended_services_platform
broadworks_network_database_server_firmware
broadworks_xtended_services_platform_firmware
broadworks_webrtc_server
broadworks_database_troubleshooting_server_firmware
broadworks_profile_server_firmware
broadworks_database_server
broadworks_execution_server_firmware
broadworks_messaging_server_firmware
broadworks_webrtc_server_firmware
broadworks_network_server

CWE

CWE-250

Execution with Unnecessary Privileges

NVD-CWE-noinfo

6.0 /10