This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU79965
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-20237
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to insufficient restrictions on internally accessible HTTP proxies. A remote attacker on the local network can access internal subnets beyond the sphere of their intended access level.
Mitigation
Install updates from the vendor's website.
Vulnerable software versions
Cisco Intersight Virtual Appliance: 1.0.9-503 - 1.0.9-558
Intersight Assist: All versions
Intersight Connected Virtual Appliance: All versions
Intersight Private Virtual Appliance: All versions
CPE2.3
External links
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?