CVE-2023-20237 (CNNVD-202308-1480)
中文标题:
Cisco Intersight 命令注入漏洞
英文标题:
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attac...
漏洞描述
中文描述:
Cisco Intersight是美国思科(Cisco)公司的一个应用平台。提供了智能管理级别,使 IT 组织能够以比前几代工具更先进的方式分析、简化和自动化其环境。 Cisco Intersight Virtual Appliance存在安全漏洞,该漏洞源于对内部可访问的http代理限制不足,可能允许未经身份验证的相邻攻击者访问原本无法访问的内部HTTP服务。
英文描述:
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| Cisco | Cisco Intersight Virtual Appliance | 1.0.9-503 | - | - |
cpe:2.3:a:cisco:cisco_intersight_virtual_appliance:1.0.9-503:*:*:*:*:*:*:*
|
| Cisco | Cisco Intersight Virtual Appliance | 1.0.9-536 | - | - |
cpe:2.3:a:cisco:cisco_intersight_virtual_appliance:1.0.9-536:*:*:*:*:*:*:*
|
| Cisco | Cisco Intersight Virtual Appliance | 1.0.9-538 | - | - |
cpe:2.3:a:cisco:cisco_intersight_virtual_appliance:1.0.9-538:*:*:*:*:*:*:*
|
| Cisco | Cisco Intersight Virtual Appliance | 1.0.9-558 | - | - |
cpe:2.3:a:cisco:cisco_intersight_virtual_appliance:1.0.9-558:*:*:*:*:*:*:*
|
| Cisco | Cisco Intersight Virtual Appliance | 1.0.9-561 | - | - |
cpe:2.3:a:cisco:cisco_intersight_virtual_appliance:1.0.9-561:*:*:*:*:*:*:*
|
| cisco | intersight_virtual_appliance | * | - | - |
cpe:2.3:a:cisco:intersight_virtual_appliance:*:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
CVSS评分详情
3.1 (cna)
MEDIUMCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2023-20237 |
2025-11-11 15:21:47 | 2025-11-11 07:38:02 |
| NVD | nvd_CVE-2023-20237 |
2025-11-11 14:59:07 | 2025-11-11 07:46:12 |
| CNNVD | cnnvd_CNNVD-202308-1480 |
2025-11-11 15:11:17 | 2025-11-11 07:58:08 |
版本与语言
安全公告
变更历史
查看详细变更
- vulnerability_type: 未提取 -> 命令注入
- cnnvd_id: 未提取 -> CNNVD-202308-1480
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- affected_products_count: 5 -> 6
- data_sources: ['cve'] -> ['cve', 'nvd']