How severe is CVE-2023-20036?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2023-20036?

This is classified as CWE-78, which is a common weakness in software security.

CVE-2023-20036

CRITICAL Year: 2023

CVSS v3 Score

9.9

Critical

Weakness Type

CWE-78

View all →

Vulnerability Description

A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device. This vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVE-2017-1253

CRITICAL

CVSS:9.9(Critical)

IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability...

CWE-782017

CVE-2017-2866

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP req...

CWE-782017

CVE-2017-2890

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attac...

CWE-782017

CVE-2017-2917

CRITICAL

CVSS:9.9(Critical)

An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker ca...

CWE-782017

CVE-2017-7175

CRITICAL

CVSS:9.9(Critical)

NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

CWE-782017

CVE-2017-8220

CRITICAL

CVSS:9.9(Critical)

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP PO...

CWE-782017

CVE-2023-20036

Vulnerability Description

Related Vulnerabilities

CVE-2017-1253

CVE-2017-2866

CVE-2017-2890

CVE-2017-2917

CVE-2017-7175

CVE-2017-8220