First published: Wed Aug 16 2023
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible HTTP proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Intersight Virtual Appliance | <1.0.9-589 | |
Cisco Intersight Assist | | |
Cisco Intersight Connected Virtual Appliance | | |
Cisco Intersight Private Virtual Appliance | | |
All of | | |
Cisco Intersight Virtual Appliance | <1.0.9-589 | |
Any of | | |
Cisco Intersight Assist | | |
Cisco Intersight Connected Virtual Appliance | | |
Cisco Intersight Private Virtual Appliance | | |
CVE-2023-20237 is a vulnerability in Cisco Intersight Virtual Appliance that could allow an unauthenticated adjacent attacker to access internal HTTP services.
CVE-2023-20237 has a severity rating of 4.3, which is considered medium.
The software affected by CVE-2023-20237 is Cisco Intersight Virtual Appliance, versions up to 1.0.9-589.
An attacker can exploit CVE-2023-20237 by taking advantage of insufficient restrictions on internally accessible HTTP proxies.
No, Cisco Intersight Assist is not affected by CVE-2023-20237.