Improper access control in Cisco Systems, Inc products - CVE-2023-20237
Published: August 25, 2023
Vulnerability identifier: #VU79965
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20237
CWE-ID: CWE-284
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Intersight Virtual Appliance
Intersight Assist
Intersight Connected Virtual Appliance
Intersight Private Virtual Appliance
Cisco Intersight Virtual Appliance
Intersight Assist
Intersight Connected Virtual Appliance
Intersight Private Virtual Appliance
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to insufficient restrictions on internally accessible http proxies. A remote attacker on the local network can access to internal subnets beyond the sphere of their intended access level.
How to mitigate CVE-2023-20237
Install updates from vendor's website.