CVE-2023-20075 (CNNVD-202303-052)
中文标题:
Cisco Secure Email 操作系统命令注入漏洞
英文标题:
Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker...
漏洞描述
中文描述:
Cisco Secure Email是美国思科(Cisco)公司的思科安全电子邮件(前身为电子邮件安全)为您的电子邮件提供最佳保护,使其免受网络威胁。 Cisco Secure Email Gateway存在安全漏洞,该漏洞源于CLI中的输入验证不正确,攻击者利用该漏洞可以在底层操作系统上执行任意命令。
英文描述:
Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. These vulnerability is due to improper input validation in the CLI. An attacker could exploit this vulnerability by injecting operating system commands into a legitimate command. A successful exploit could allow the attacker to escape the restricted command prompt and execute arbitrary commands on the underlying operating system. To successfully exploit this vulnerability, an attacker would need valid Administrator credentials.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Secure Email | 13.0.0-392 | - | - |
cpe:2.3:a:cisco:cisco_secure_email:13.0.0-392:*:*:*:*:*:*:*
|
| Cisco | Cisco Secure Email | 13.5.1-277 | - | - |
cpe:2.3:a:cisco:cisco_secure_email:13.5.1-277:*:*:*:*:*:*:*
|
| Cisco | Cisco Secure Email | 12.5.0-066 | - | - |
cpe:2.3:a:cisco:cisco_secure_email:12.5.0-066:*:*:*:*:*:*:*
|
| Cisco | Cisco Secure Email | 14.0.0-698 | - | - |
cpe:2.3:a:cisco:cisco_secure_email:14.0.0-698:*:*:*:*:*:*:*
|
| Cisco | Cisco Secure Email | 14.2.0-620 | - | - |
cpe:2.3:a:cisco:cisco_secure_email:14.2.0-620:*:*:*:*:*:*:*
|
| cisco | email_security_appliance | * | - | - |
cpe:2.3:a:cisco:email_security_appliance:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-20075 |
2025-11-11 15:21:47 | 2025-11-11 07:38:02 |
| NVD | nvd_CVE-2023-20075 |
2025-11-11 14:58:57 | 2025-11-11 07:46:12 |
| CNNVD | cnnvd_CNNVD-202303-052 |
2025-11-11 15:11:08 | 2025-11-11 07:57:49 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 授权问题
- cnnvd_id: 未提取 -> CNNVD-202303-052
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 5 -> 6
- data_sources: ['cve'] -> ['cve', 'nvd']