#VU72310 OS Command Injection in Cisco Email Security Appliance - CVE-2023-20075


Vulnerability identifier: #VU72310

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2023-20075

CWE-ID: CWE-78

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Cisco Email Security Appliance
Server applications / IDS/IPS systems, Firewalls and proxy servers

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation in the CLI. A local user with Operator-level privileges or higher can inject operating system commands into a legitimate command, escape the restricted command prompt and execute arbitrary commands on the underlying operating system as the CLI process user.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Cisco Email Security Appliance: before 12.5.4-041


External links
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-privesc-9DVkFpJ8
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd50043


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

