CVE-2023-20237

low-risk

Published 2023-08-16

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Intersight Virtual Appliance

Affected Vendors

Cisco

References (2)

Patch https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal