admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-20 07:00:37 +00:00
parent d63489f6d9
commit d915ec83e3
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
32 changed files with 11263 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2021/27xxx/CVE-2021-27782.json
View File

@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-27782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@hcl.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "HCL Software",
"product": {
"product_data": [
{
"product_name": "BigFix Mobile",
"version": {
"version_data": [
{
"version_value": "2.0.x",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102477",
"refsource": "MISC",
"name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0102477"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}

204
2022/20xxx/CVE-2022-20964.json
View File

@ -1,17 +1,213 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20964",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. An attacker could exploit this vulnerability by manipulating requests to the web-based management interface to contain operating system commands. A successful exploit could allow the attacker to execute arbitrary operating system commands on the underlying operating system with the privileges of the web services user. Cisco has not yet released software updates that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_value": "2.6.0",
"version_affected": "="
},
{
"version_value": "2.6.0 p1",
"version_affected": "="
},
{
"version_value": "2.6.0 p2",
"version_affected": "="
},
{
"version_value": "2.6.0 p3",
"version_affected": "="
},
{
"version_value": "2.6.0 p5",
"version_affected": "="
},
{
"version_value": "2.6.0 p6",
"version_affected": "="
},
{
"version_value": "2.6.0 p7",
"version_affected": "="
},
{
"version_value": "2.6.0 p8",
"version_affected": "="
},
{
"version_value": "2.6.0 p9",
"version_affected": "="
},
{
"version_value": "2.6.0 p10",
"version_affected": "="
},
{
"version_value": "2.6.0 p11",
"version_affected": "="
},
{
"version_value": "2.6.0 p12",
"version_affected": "="
},
{
"version_value": "2.7.0",
"version_affected": "="
},
{
"version_value": "2.7.0 p1",
"version_affected": "="
},
{
"version_value": "2.7.0 p2",
"version_affected": "="
},
{
"version_value": "2.7.0 p3",
"version_affected": "="
},
{
"version_value": "2.7.0 p5",
"version_affected": "="
},
{
"version_value": "2.7.0 p6",
"version_affected": "="
},
{
"version_value": "2.7.0 p7",
"version_affected": "="
},
{
"version_value": "3.0.0",
"version_affected": "="
},
{
"version_value": "3.0.0 p1",
"version_affected": "="
},
{
"version_value": "3.0.0 p2",
"version_affected": "="
},
{
"version_value": "3.0.0 p3",
"version_affected": "="
},
{
"version_value": "3.0.0 p4",
"version_affected": "="
},
{
"version_value": "3.0.0 p5",
"version_affected": "="
},
{
"version_value": "3.0.0 p6",
"version_affected": "="
},
{
"version_value": "3.1.0",
"version_affected": "="
},
{
"version_value": "3.1.0 p1",
"version_affected": "="
},
{
"version_value": "3.1.0 p3",
"version_affected": "="
},
{
"version_value": "3.1.0 p4",
"version_affected": "="
},
{
"version_value": "3.2.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
}
]
},
"source": {
"advisory": "cisco-sa-ise-7Q4TNYUx",
"discovery": "EXTERNAL",
"defects": [
"CSCwc98823"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
]
}

208
2022/20xxx/CVE-2022-20965.json
View File

@ -1,17 +1,217 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20965",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_value": "2.6.0",
"version_affected": "="
},
{
"version_value": "2.6.0 p1",
"version_affected": "="
},
{
"version_value": "2.6.0 p2",
"version_affected": "="
},
{
"version_value": "2.6.0 p3",
"version_affected": "="
},
{
"version_value": "2.6.0 p5",
"version_affected": "="
},
{
"version_value": "2.6.0 p6",
"version_affected": "="
},
{
"version_value": "2.6.0 p7",
"version_affected": "="
},
{
"version_value": "2.6.0 p8",
"version_affected": "="
},
{
"version_value": "2.6.0 p9",
"version_affected": "="
},
{
"version_value": "2.6.0 p10",
"version_affected": "="
},
{
"version_value": "2.6.0 p11",
"version_affected": "="
},
{
"version_value": "2.6.0 p12",
"version_affected": "="
},
{
"version_value": "2.7.0",
"version_affected": "="
},
{
"version_value": "2.7.0 p1",
"version_affected": "="
},
{
"version_value": "2.7.0 p2",
"version_affected": "="
},
{
"version_value": "2.7.0 p3",
"version_affected": "="
},
{
"version_value": "2.7.0 p4",
"version_affected": "="
},
{
"version_value": "2.7.0 p5",
"version_affected": "="
},
{
"version_value": "2.7.0 p6",
"version_affected": "="
},
{
"version_value": "2.7.0 p7",
"version_affected": "="
},
{
"version_value": "3.0.0",
"version_affected": "="
},
{
"version_value": "3.0.0 p1",
"version_affected": "="
},
{
"version_value": "3.0.0 p2",
"version_affected": "="
},
{
"version_value": "3.0.0 p3",
"version_affected": "="
},
{
"version_value": "3.0.0 p4",
"version_affected": "="
},
{
"version_value": "3.0.0 p5",
"version_affected": "="
},
{
"version_value": "3.0.0 p6",
"version_affected": "="
},
{
"version_value": "3.1.0",
"version_affected": "="
},
{
"version_value": "3.1.0 p1",
"version_affected": "="
},
{
"version_value": "3.1.0 p3",
"version_affected": "="
},
{
"version_value": "3.1.0 p4",
"version_affected": "="
},
{
"version_value": "3.2.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
}
]
},
"source": {
"advisory": "cisco-sa-ise-7Q4TNYUx",
"discovery": "EXTERNAL",
"defects": [
"CSCwc98828"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

208
2022/20xxx/CVE-2022-20966.json
View File

@ -1,17 +1,217 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20966",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_value": "2.6.0",
"version_affected": "="
},
{
"version_value": "2.6.0 p1",
"version_affected": "="
},
{
"version_value": "2.6.0 p2",
"version_affected": "="
},
{
"version_value": "2.6.0 p3",
"version_affected": "="
},
{
"version_value": "2.6.0 p5",
"version_affected": "="
},
{
"version_value": "2.6.0 p6",
"version_affected": "="
},
{
"version_value": "2.6.0 p7",
"version_affected": "="
},
{
"version_value": "2.6.0 p8",
"version_affected": "="
},
{
"version_value": "2.6.0 p9",
"version_affected": "="
},
{
"version_value": "2.6.0 p10",
"version_affected": "="
},
{
"version_value": "2.6.0 p11",
"version_affected": "="
},
{
"version_value": "2.6.0 p12",
"version_affected": "="
},
{
"version_value": "2.7.0",
"version_affected": "="
},
{
"version_value": "2.7.0 p1",
"version_affected": "="
},
{
"version_value": "2.7.0 p2",
"version_affected": "="
},
{
"version_value": "2.7.0 p3",
"version_affected": "="
},
{
"version_value": "2.7.0 p4",
"version_affected": "="
},
{
"version_value": "2.7.0 p5",
"version_affected": "="
},
{
"version_value": "2.7.0 p6",
"version_affected": "="
},
{
"version_value": "2.7.0 p7",
"version_affected": "="
},
{
"version_value": "3.0.0",
"version_affected": "="
},
{
"version_value": "3.0.0 p1",
"version_affected": "="
},
{
"version_value": "3.0.0 p2",
"version_affected": "="
},
{
"version_value": "3.0.0 p3",
"version_affected": "="
},
{
"version_value": "3.0.0 p4",
"version_affected": "="
},
{
"version_value": "3.0.0 p5",
"version_affected": "="
},
{
"version_value": "3.0.0 p6",
"version_affected": "="
},
{
"version_value": "3.1.0",
"version_affected": "="
},
{
"version_value": "3.1.0 p1",
"version_affected": "="
},
{
"version_value": "3.1.0 p3",
"version_affected": "="
},
{
"version_value": "3.1.0 p4",
"version_affected": "="
},
{
"version_value": "3.2.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
}
]
},
"source": {
"advisory": "cisco-sa-ise-7Q4TNYUx",
"discovery": "EXTERNAL",
"defects": [
"CSCwc98831"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

208
2022/20xxx/CVE-2022-20967.json
View File

@ -1,17 +1,217 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Identity Services Engine Software",
"version": {
"version_data": [
{
"version_value": "2.6.0",
"version_affected": "="
},
{
"version_value": "2.6.0 p1",
"version_affected": "="
},
{
"version_value": "2.6.0 p2",
"version_affected": "="
},
{
"version_value": "2.6.0 p3",
"version_affected": "="
},
{
"version_value": "2.6.0 p5",
"version_affected": "="
},
{
"version_value": "2.6.0 p6",
"version_affected": "="
},
{
"version_value": "2.6.0 p7",
"version_affected": "="
},
{
"version_value": "2.6.0 p8",
"version_affected": "="
},
{
"version_value": "2.6.0 p9",
"version_affected": "="
},
{
"version_value": "2.6.0 p10",
"version_affected": "="
},
{
"version_value": "2.6.0 p11",
"version_affected": "="
},
{
"version_value": "2.6.0 p12",
"version_affected": "="
},
{
"version_value": "2.7.0",
"version_affected": "="
},
{
"version_value": "2.7.0 p1",
"version_affected": "="
},
{
"version_value": "2.7.0 p2",
"version_affected": "="
},
{
"version_value": "2.7.0 p3",
"version_affected": "="
},
{
"version_value": "2.7.0 p4",
"version_affected": "="
},
{
"version_value": "2.7.0 p5",
"version_affected": "="
},
{
"version_value": "2.7.0 p6",
"version_affected": "="
},
{
"version_value": "2.7.0 p7",
"version_affected": "="
},
{
"version_value": "3.0.0",
"version_affected": "="
},
{
"version_value": "3.0.0 p1",
"version_affected": "="
},
{
"version_value": "3.0.0 p2",
"version_affected": "="
},
{
"version_value": "3.0.0 p3",
"version_affected": "="
},
{
"version_value": "3.0.0 p4",
"version_affected": "="
},
{
"version_value": "3.0.0 p5",
"version_affected": "="
},
{
"version_value": "3.0.0 p6",
"version_affected": "="
},
{
"version_value": "3.1.0",
"version_affected": "="
},
{
"version_value": "3.1.0 p1",
"version_affected": "="
},
{
"version_value": "3.1.0 p3",
"version_affected": "="
},
{
"version_value": "3.1.0 p4",
"version_affected": "="
},
{
"version_value": "3.2.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-7Q4TNYUx"
}
]
},
"source": {
"advisory": "cisco-sa-ise-7Q4TNYUx",
"discovery": "EXTERNAL",
"defects": [
"CSCwc98833"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code for the vulnerabilities that are described in this advisory will become available after software fixes are released. Public reports of the vulnerabilities, including a description and classification without specific technical details, may become available after this advisory is published.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

58
2022/48xxx/CVE-2022-48191.json
View File

@ -1,17 +1,67 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-48191",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Micro Maxium Security (Consumer)",
"version": {
"version_data": [
{
"version_value": "2022 (17.7)",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252",
"refsource": "MISC",
"name": "https://helpcenter.trendmicro.com/en-us/article/tmka-11252"
},
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-23-053/"
}
]
}

18
2023/0xxx/CVE-2023-0411.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0412.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0412",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0413.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0414.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0414",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0415.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0415",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0416.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0416",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/0xxx/CVE-2023-0417.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0417",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

271
2023/20xxx/CVE-2023-20002.json
View File

@ -1,17 +1,280 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco RoomOS Software",
"version": {
"version_data": [
{
"version_value": "RoomOS 10.3.2.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.3.4.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.8.2.5",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.5.2",
"version_affected": "="
},
{
"version_value": "RoomOS 10.8.4.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.3.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.15.3.0",
"version_affected": "="
}
]
}
},
{
"product_name": "Cisco TelePresence Endpoint Software (TC/CE)",
"version": {
"version_data": [
{
"version_value": "CE8.1.1",
"version_affected": "="
},
{
"version_value": "CE8.3.0",
"version_affected": "="
},
{
"version_value": "CE8.3.5",
"version_affected": "="
},
{
"version_value": "CE9.0.1",
"version_affected": "="
},
{
"version_value": "CE9.1.1",
"version_affected": "="
},
{
"version_value": "CE9.1.2",
"version_affected": "="
},
{
"version_value": "CE9.1.3",
"version_affected": "="
},
{
"version_value": "CE9.1.4",
"version_affected": "="
},
{
"version_value": "CE9.1.5",
"version_affected": "="
},
{
"version_value": "CE9.1.6",
"version_affected": "="
},
{
"version_value": "CE9.10.1",
"version_affected": "="
},
{
"version_value": "CE9.10.2",
"version_affected": "="
},
{
"version_value": "CE9.10.3",
"version_affected": "="
},
{
"version_value": "CE9.12.4",
"version_affected": "="
},
{
"version_value": "CE9.12.5",
"version_affected": "="
},
{
"version_value": "CE9.12.3",
"version_affected": "="
},
{
"version_value": "CE9.13.0",
"version_affected": "="
},
{
"version_value": "CE9.13.1",
"version_affected": "="
},
{
"version_value": "CE9.13.3",
"version_affected": "="
},
{
"version_value": "CE9.13.2",
"version_affected": "="
},
{
"version_value": "CE9.2.1",
"version_affected": "="
},
{
"version_value": "CE9.2.2",
"version_affected": "="
},
{
"version_value": "CE9.2.3",
"version_affected": "="
},
{
"version_value": "CE9.2.4",
"version_affected": "="
},
{
"version_value": "CE9.9.3",
"version_affected": "="
},
{
"version_value": "CE9.9.4",
"version_affected": "="
},
{
"version_value": "CE9.14.3",
"version_affected": "="
},
{
"version_value": "CE9.14.5",
"version_affected": "="
},
{
"version_value": "CE9.14.4",
"version_affected": "="
},
{
"version_value": "CE9.14.6",
"version_affected": "="
},
{
"version_value": "CE9.15.0.11",
"version_affected": "="
},
{
"version_value": "CE9.15.0.10",
"version_affected": "="
},
{
"version_value": "CE9.15.10.8",
"version_affected": "="
},
{
"version_value": "CE9.15.3.26",
"version_affected": "="
},
{
"version_value": "CE9.15.3.25",
"version_affected": "="
},
{
"version_value": "RoomOS 10.8.4.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.3.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.5.2",
"version_affected": "="
},
{
"version_value": "RoomOS 10.15.3.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
]
},
"source": {
"advisory": "cisco-sa-roomos-dkjGFgRK",
"discovery": "INTERNAL",
"defects": [
"CSCwc85914"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

156
2023/20xxx/CVE-2023-20007.json
View File

@ -1,17 +1,165 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20007",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code or cause the web-based management process on the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The attacker must have valid administrator credentials. This vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the web-based management process to restart, resulting in a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_value": "1.0.00.29",
"version_affected": "="
},
{
"version_value": "1.0.00.33",
"version_affected": "="
},
{
"version_value": "1.0.01.16",
"version_affected": "="
},
{
"version_value": "1.0.01.17",
"version_affected": "="
},
{
"version_value": "1.0.01.18",
"version_affected": "="
},
{
"version_value": "1.0.01.20",
"version_affected": "="
},
{
"version_value": "1.0.02.16",
"version_affected": "="
},
{
"version_value": "1.0.03.15",
"version_affected": "="
},
{
"version_value": "1.0.03.16",
"version_affected": "="
},
{
"version_value": "1.0.03.17",
"version_affected": "="
},
{
"version_value": "1.0.03.18",
"version_affected": "="
},
{
"version_value": "1.0.03.19",
"version_affected": "="
},
{
"version_value": "1.0.03.20",
"version_affected": "="
},
{
"version_value": "1.0.03.21",
"version_affected": "="
},
{
"version_value": "1.0.03.22",
"version_affected": "="
},
{
"version_value": "1.0.03.24",
"version_affected": "="
},
{
"version_value": "1.0.03.26",
"version_affected": "="
},
{
"version_value": "1.0.03.27",
"version_affected": "="
},
{
"version_value": "1.0.03.28",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-rcedos-7HjP74jD"
}
]
},
"source": {
"advisory": "cisco-sa-sb-rv-rcedos-7HjP74jD",
"discovery": "EXTERNAL",
"defects": [
"CSCwc84443"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
]
}

343
2023/20xxx/CVE-2023-20008.json
View File

@ -1,17 +1,352 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20008",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco RoomOS Software",
"version": {
"version_data": [
{
"version_value": "RoomOS 10.3.2.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.3.4.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.8.2.5",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.5.2",
"version_affected": "="
},
{
"version_value": "RoomOS 10.8.4.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.3.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.15.3.0",
"version_affected": "="
}
]
}
},
{
"product_name": "Cisco TelePresence Endpoint Software (TC/CE)",
"version": {
"version_data": [
{
"version_value": "CE8.0.0",
"version_affected": "="
},
{
"version_value": "CE8.0.1",
"version_affected": "="
},
{
"version_value": "CE8.1.0",
"version_affected": "="
},
{
"version_value": "CE8.1.1",
"version_affected": "="
},
{
"version_value": "CE8.2.0",
"version_affected": "="
},
{
"version_value": "CE8.2.1",
"version_affected": "="
},
{
"version_value": "CE8.2.2",
"version_affected": "="
},
{
"version_value": "CE8.3.0",
"version_affected": "="
},
{
"version_value": "CE8.3.1",
"version_affected": "="
},
{
"version_value": "CE8.3.2",
"version_affected": "="
},
{
"version_value": "CE8.3.3",
"version_affected": "="
},
{
"version_value": "CE8.3.5",
"version_affected": "="
},
{
"version_value": "CE8.3.6",
"version_affected": "="
},
{
"version_value": "CE9.0.1",
"version_affected": "="
},
{
"version_value": "CE9.1.1",
"version_affected": "="
},
{
"version_value": "CE9.1.2",
"version_affected": "="
},
{
"version_value": "CE9.1.3",
"version_affected": "="
},
{
"version_value": "CE9.1.4",
"version_affected": "="
},
{
"version_value": "CE9.1.5",
"version_affected": "="
},
{
"version_value": "CE9.1.6",
"version_affected": "="
},
{
"version_value": "CE9.10.1",
"version_affected": "="
},
{
"version_value": "CE9.10.2",
"version_affected": "="
},
{
"version_value": "CE9.10.3",
"version_affected": "="
},
{
"version_value": "CE9.12.4",
"version_affected": "="
},
{
"version_value": "CE9.12.5",
"version_affected": "="
},
{
"version_value": "CE9.12.3",
"version_affected": "="
},
{
"version_value": "CE9.13.0",
"version_affected": "="
},
{
"version_value": "CE9.13.1",
"version_affected": "="
},
{
"version_value": "CE9.13.3",
"version_affected": "="
},
{
"version_value": "CE9.13.2",
"version_affected": "="
},
{
"version_value": "CE9.2.1",
"version_affected": "="
},
{
"version_value": "CE9.2.2",
"version_affected": "="
},
{
"version_value": "CE9.2.3",
"version_affected": "="
},
{
"version_value": "CE9.2.4",
"version_affected": "="
},
{
"version_value": "CE9.9.3",
"version_affected": "="
},
{
"version_value": "CE9.9.4",
"version_affected": "="
},
{
"version_value": "CE9.14.3",
"version_affected": "="
},
{
"version_value": "CE9.14.5",
"version_affected": "="
},
{
"version_value": "CE9.14.4",
"version_affected": "="
},
{
"version_value": "CE9.14.6",
"version_affected": "="
},
{
"version_value": "CE9.15.0.11",
"version_affected": "="
},
{
"version_value": "CE9.15.0.10",
"version_affected": "="
},
{
"version_value": "CE9.15.8.12",
"version_affected": "="
},
{
"version_value": "CE9.15.13.0",
"version_affected": "="
},
{
"version_value": "CE9.15.10.8",
"version_affected": "="
},
{
"version_value": "CE9.15.3.26",
"version_affected": "="
},
{
"version_value": "CE9.15.3.25",
"version_affected": "="
},
{
"version_value": "TC7.3.13",
"version_affected": "="
},
{
"version_value": "TC7.3.21",
"version_affected": "="
},
{
"version_value": "TC7.3.5",
"version_affected": "="
},
{
"version_value": "TC7.3.6",
"version_affected": "="
},
{
"version_value": "TC7.3.7",
"version_affected": "="
},
{
"version_value": "TC7.3.9",
"version_affected": "="
},
{
"version_value": "RoomOS 10.8.4.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.3.0",
"version_affected": "="
},
{
"version_value": "RoomOS 10.11.5.2",
"version_affected": "="
},
{
"version_value": "RoomOS 10.15.3.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-dkjGFgRK"
}
]
},
"source": {
"advisory": "cisco-sa-roomos-dkjGFgRK",
"discovery": "INTERNAL",
"defects": [
"CSCwc47201"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

141
2023/20xxx/CVE-2023-20010.json
View File

@ -1,17 +1,150 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read or modify any data on the underlying database or elevate their privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Communications Manager",
"version": {
"version_data": [
{
"version_value": "12.0(1)SU1",
"version_affected": "="
},
{
"version_value": "12.0(1)SU2",
"version_affected": "="
},
{
"version_value": "12.0(1)SU3",
"version_affected": "="
},
{
"version_value": "12.0(1)SU4",
"version_affected": "="
},
{
"version_value": "12.0(1)SU5",
"version_affected": "="
},
{
"version_value": "12.5(1)",
"version_affected": "="
},
{
"version_value": "12.5(1)SU1",
"version_affected": "="
},
{
"version_value": "12.5(1)SU2",
"version_affected": "="
},
{
"version_value": "12.5(1)SU3",
"version_affected": "="
},
{
"version_value": "12.5(1)SU4",
"version_affected": "="
},
{
"version_value": "12.5(1)SU5",
"version_affected": "="
},
{
"version_value": "12.5(1)SU6",
"version_affected": "="
},
{
"version_value": "14",
"version_affected": "="
},
{
"version_value": "14SU1",
"version_affected": "="
},
{
"version_value": "14SU2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n"
}
]
},
"source": {
"advisory": "cisco-sa-cucm-sql-rpPczR8n",
"discovery": "INTERNAL",
"defects": [
"CSCwb37205",
"CSCwb37563"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

385
2023/20xxx/CVE-2023-20018.json
View File

@ -1,17 +1,394 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20018",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Session Initiation Protocol (SIP) Software",
"version": {
"version_data": [
{
"version_value": "9.3(3)",
"version_affected": "="
},
{
"version_value": "9.3(4) 3rd Party",
"version_affected": "="
},
{
"version_value": "9.3(4)SR3 3rd Party",
"version_affected": "="
},
{
"version_value": "9.3(4)SR1 3rd Party",
"version_affected": "="
},
{
"version_value": "9.3(4)SR2 3rd Party",
"version_affected": "="
},
{
"version_value": "11.0(3)SR3",
"version_affected": "="
},
{
"version_value": "11.0(2)SR1",
"version_affected": "="
},
{
"version_value": "11.5(1)",
"version_affected": "="
},
{
"version_value": "11.0(5)SR2",
"version_affected": "="
},
{
"version_value": "11.0(2)",
"version_affected": "="
},
{
"version_value": "11.7(1)",
"version_affected": "="
},
{
"version_value": "11.0(4)SR3",
"version_affected": "="
},
{
"version_value": "11.0(0.7) MPP",
"version_affected": "="
},
{
"version_value": "11.0(4)SR2",
"version_affected": "="
},
{
"version_value": "11.0(3)SR5",
"version_affected": "="
},
{
"version_value": "11.0(3)SR6",
"version_affected": "="
},
{
"version_value": "11.0(3)",
"version_affected": "="
},
{
"version_value": "11.0(4)SR1",
"version_affected": "="
},
{
"version_value": "11.0(1) MPP",
"version_affected": "="
},
{
"version_value": "11.0(4)",
"version_affected": "="
},
{
"version_value": "11.0(3)SR4",
"version_affected": "="
},
{
"version_value": "11.0(5)",
"version_affected": "="
},
{
"version_value": "11.0(3)SR1",
"version_affected": "="
},
{
"version_value": "11.0(5)SR1",
"version_affected": "="
},
{
"version_value": "11.0(3)SR2",
"version_affected": "="
},
{
"version_value": "11.0(2)SR2",
"version_affected": "="
},
{
"version_value": "11.0(1)",
"version_affected": "="
},
{
"version_value": "11.5(1)SR1",
"version_affected": "="
},
{
"version_value": "11-0-1MSR1-1",
"version_affected": "="
},
{
"version_value": "10.4(1) 3rd Party",
"version_affected": "="
},
{
"version_value": "10.3(1.11) 3rd Party",
"version_affected": "="
},
{
"version_value": "10.2(2)",
"version_affected": "="
},
{
"version_value": "10.2(1)SR1",
"version_affected": "="
},
{
"version_value": "10.1(1.9)",
"version_affected": "="
},
{
"version_value": "10.1(1)SR2",
"version_affected": "="
},
{
"version_value": "10.2(1)",
"version_affected": "="
},
{
"version_value": "10.1(1)SR1",
"version_affected": "="
},
{
"version_value": "10.4(1)SR2 3rd Party",
"version_affected": "="
},
{
"version_value": "10.3(1)",
"version_affected": "="
},
{
"version_value": "10.3(1)SR4b",
"version_affected": "="
},
{
"version_value": "10.3(1)SR5",
"version_affected": "="
},
{
"version_value": "10.3(1.9) 3rd Party",
"version_affected": "="
},
{
"version_value": "10.3(2)",
"version_affected": "="
},
{
"version_value": "10.3(1)SR4",
"version_affected": "="
},
{
"version_value": "10.3(1)SR2",
"version_affected": "="
},
{
"version_value": "10.3(1)SR3",
"version_affected": "="
},
{
"version_value": "10.3(1)SR1",
"version_affected": "="
},
{
"version_value": "12.6(1)",
"version_affected": "="
},
{
"version_value": "12.1(1)",
"version_affected": "="
},
{
"version_value": "12.5(1)SR1",
"version_affected": "="
},
{
"version_value": "12.5(1)SR2",
"version_affected": "="
},
{
"version_value": "12.5(1)",
"version_affected": "="
},
{
"version_value": "12.5(1)SR3",
"version_affected": "="
},
{
"version_value": "12.6(1)SR1",
"version_affected": "="
},
{
"version_value": "12.7(1)",
"version_affected": "="
},
{
"version_value": "12.1(1)SR1",
"version_affected": "="
},
{
"version_value": "12.0(1)",
"version_affected": "="
},
{
"version_value": "12.0(1)SR2",
"version_affected": "="
},
{
"version_value": "12.0(1)SR1",
"version_affected": "="
},
{
"version_value": "12.0(1)SR3",
"version_affected": "="
},
{
"version_value": "12.8(1)",
"version_affected": "="
},
{
"version_value": "12.8(1)SR1",
"version_affected": "="
},
{
"version_value": "12.8(1)SR2",
"version_affected": "="
},
{
"version_value": "11.0(5)SR3",
"version_affected": "="
},
{
"version_value": "11.0(6)",
"version_affected": "="
},
{
"version_value": "11.0(6)SR1",
"version_affected": "="
},
{
"version_value": "11.0(6)SR2",
"version_affected": "="
},
{
"version_value": "10.3(1)SR6",
"version_affected": "="
},
{
"version_value": "10.3(1)SR7",
"version_affected": "="
},
{
"version_value": "12.7(1)SR1",
"version_affected": "="
},
{
"version_value": "14.0(1)SR1",
"version_affected": "="
},
{
"version_value": "14.0(1)",
"version_affected": "="
},
{
"version_value": "14.0(1)SR2",
"version_affected": "="
},
{
"version_value": "14.0(1)SR3",
"version_affected": "="
},
{
"version_value": "14.1(1)",
"version_affected": "="
},
{
"version_value": "14.1(1)SR1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
}
]
},
"source": {
"advisory": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
"discovery": "EXTERNAL",
"defects": [
"CSCwc37223",
"CSCwc37234"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
}
]
}

84
2023/20xxx/CVE-2023-20019.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20019",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco BroadWorks",
"version": {
"version_data": [
{
"version_value": "N/A",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4"
}
]
},
"source": {
"advisory": "cisco-sa-bw-xss-EzqDXqG4",
"discovery": "INTERNAL",
"defects": [
"CSCwd48645"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

7488
2023/20xxx/CVE-2023-20020.json
View File

File diff suppressed because it is too large Load Diff

176
2023/20xxx/CVE-2023-20025.json
View File

@ -1,17 +1,185 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20025",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_value": "2.0.0.19-tm",
"version_affected": "="
},
{
"version_value": "2.0.2.01-tm",
"version_affected": "="
},
{
"version_value": "1.3.12.19-tm",
"version_affected": "="
},
{
"version_value": "1.3.12.6-tm",
"version_affected": "="
},
{
"version_value": "1.3.13.02-tm",
"version_affected": "="
},
{
"version_value": "1.3.9.8-tm",
"version_affected": "="
},
{
"version_value": "4.0.0.7",
"version_affected": "="
},
{
"version_value": "4.0.2.08-tm",
"version_affected": "="
},
{
"version_value": "4.0.3.03-tm",
"version_affected": "="
},
{
"version_value": "4.0.4.02-tm",
"version_affected": "="
},
{
"version_value": "4.2.1.02",
"version_affected": "="
},
{
"version_value": "4.2.2.08",
"version_affected": "="
},
{
"version_value": "4.2.3.03",
"version_affected": "="
},
{
"version_value": "4.2.3.06",
"version_affected": "="
},
{
"version_value": "4.2.3.07",
"version_affected": "="
},
{
"version_value": "4.2.3.08",
"version_affected": "="
},
{
"version_value": "4.2.3.09",
"version_affected": "="
},
{
"version_value": "4.2.3.10",
"version_affected": "="
},
{
"version_value": "4.2.3.14",
"version_affected": "="
},
{
"version_value": "3.0.0.1-tm",
"version_affected": "="
},
{
"version_value": "3.0.0.19-tm",
"version_affected": "="
},
{
"version_value": "3.0.2.01-tm",
"version_affected": "="
},
{
"version_value": "4.1.1.01",
"version_affected": "="
},
{
"version_value": "4.1.0.02-tm",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
}
]
},
"source": {
"advisory": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
"discovery": "EXTERNAL",
"defects": [
"CSCwd47551"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

176
2023/20xxx/CVE-2023-20026.json
View File

@ -1,17 +1,185 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20026",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business Routers RV042 Series could allow an authenticated, remote attacker to inject arbitrary commands on an affected device. This vulnerability is due to improper validation of user input fields within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_value": "2.0.0.19-tm",
"version_affected": "="
},
{
"version_value": "2.0.2.01-tm",
"version_affected": "="
},
{
"version_value": "1.3.12.19-tm",
"version_affected": "="
},
{
"version_value": "1.3.12.6-tm",
"version_affected": "="
},
{
"version_value": "1.3.13.02-tm",
"version_affected": "="
},
{
"version_value": "1.3.9.8-tm",
"version_affected": "="
},
{
"version_value": "4.0.0.7",
"version_affected": "="
},
{
"version_value": "4.0.2.08-tm",
"version_affected": "="
},
{
"version_value": "4.0.3.03-tm",
"version_affected": "="
},
{
"version_value": "4.0.4.02-tm",
"version_affected": "="
},
{
"version_value": "4.2.1.02",
"version_affected": "="
},
{
"version_value": "4.2.2.08",
"version_affected": "="
},
{
"version_value": "4.2.3.03",
"version_affected": "="
},
{
"version_value": "4.2.3.06",
"version_affected": "="
},
{
"version_value": "4.2.3.07",
"version_affected": "="
},
{
"version_value": "4.2.3.08",
"version_affected": "="
},
{
"version_value": "4.2.3.09",
"version_affected": "="
},
{
"version_value": "4.2.3.10",
"version_affected": "="
},
{
"version_value": "4.2.3.14",
"version_affected": "="
},
{
"version_value": "3.0.0.1-tm",
"version_affected": "="
},
{
"version_value": "3.0.0.19-tm",
"version_affected": "="
},
{
"version_value": "3.0.2.01-tm",
"version_affected": "="
},
{
"version_value": "4.1.1.01",
"version_affected": "="
},
{
"version_value": "4.1.0.02-tm",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5"
}
]
},
"source": {
"advisory": "cisco-sa-sbr042-multi-vuln-ej76Pke5",
"discovery": "EXTERNAL",
"defects": [
"CSCwd60199"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

104
2023/20xxx/CVE-2023-20037.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20037",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Industrial Network Director",
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
},
{
"version_value": "1.5.1",
"version_affected": "="
},
{
"version_value": "1.4.0",
"version_affected": "="
},
{
"version_value": "1.0.0",
"version_affected": "="
},
{
"version_value": "1.6.0",
"version_affected": "="
},
{
"version_value": "1.6.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG"
}
]
},
"source": {
"advisory": "cisco-sa-ind-fZyVjJtG",
"discovery": "EXTERNAL",
"defects": [
"CSCwc29356"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

100
2023/20xxx/CVE-2023-20038.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20038",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Industrial Network Director",
"version": {
"version_data": [
{
"version_value": "1.5.0",
"version_affected": "="
},
{
"version_value": "1.5.1",
"version_affected": "="
},
{
"version_value": "1.4.0",
"version_affected": "="
},
{
"version_value": "1.0.0",
"version_affected": "="
},
{
"version_value": "1.0.1",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG"
}
]
},
"source": {
"advisory": "cisco-sa-ind-fZyVjJtG",
"discovery": "EXTERNAL",
"defects": [
"CSCwc29341"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

84
2023/20xxx/CVE-2023-20040.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the NETCONF service of Cisco Network Services Orchestrator (NSO) could allow an authenticated, remote attacker to cause a denial of service (DoS) on an affected system that is running as the root user. To exploit this vulnerability, the attacker must be a member of the admin group. This vulnerability exists because user-supplied input is not properly validated when NETCONF is used to upload packages to an affected device. An attacker could exploit this vulnerability by uploading a specially crafted package file. A successful exploit could allow the attacker to write crafted files to arbitrary locations on the filesystem or delete arbitrary files from the filesystem of an affected device, resulting in a DoS condition. Note: By default, during install, Cisco NSO will be set up to run as the root user unless the --run-as-user option is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Network Services Orchestrator",
"version": {
"version_data": [
{
"version_value": "N/A",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-zjBeMkZg"
}
]
},
"source": {
"advisory": "cisco-sa-nso-path-trvsl-zjBeMkZg",
"discovery": "INTERNAL",
"defects": [
"CSCwb11065"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
}
]
}

140
2023/20xxx/CVE-2023-20043.json
View File

@ -1,17 +1,149 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by calling the script with sudo. A successful exploit could allow the attacker to take complete control of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco CX Cloud Agent",
"version": {
"version_data": [
{
"version_value": "0.9",
"version_affected": "="
},
{
"version_value": "0.0.1",
"version_affected": "="
},
{
"version_value": "0.0.2",
"version_affected": "="
},
{
"version_value": "0.9.2",
"version_affected": "="
},
{
"version_value": "0.9.3",
"version_affected": "="
},
{
"version_value": "1.1",
"version_affected": "="
},
{
"version_value": "1.2",
"version_affected": "="
},
{
"version_value": "1.3",
"version_affected": "="
},
{
"version_value": "1.4",
"version_affected": "="
},
{
"version_value": "1.5",
"version_affected": "="
},
{
"version_value": "1.6",
"version_affected": "="
},
{
"version_value": "1.7",
"version_affected": "="
},
{
"version_value": "1.8",
"version_affected": "="
},
{
"version_value": "1.0.0",
"version_affected": "="
},
{
"version_value": "2.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"
}
]
},
"source": {
"advisory": "cisco-sa-cxagent-gOq9QjqZ",
"discovery": "INTERNAL",
"defects": [
"CSCwa73699"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

160
2023/20xxx/CVE-2023-20044.json
View File

@ -1,17 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco CX Cloud Agent",
"version": {
"version_data": [
{
"version_value": "0.9",
"version_affected": "="
},
{
"version_value": "0.0.1",
"version_affected": "="
},
{
"version_value": "0.0.2",
"version_affected": "="
},
{
"version_value": "0.9.2",
"version_affected": "="
},
{
"version_value": "0.9.3",
"version_affected": "="
},
{
"version_value": "1.1",
"version_affected": "="
},
{
"version_value": "1.10",
"version_affected": "="
},
{
"version_value": "1.11",
"version_affected": "="
},
{
"version_value": "1.12",
"version_affected": "="
},
{
"version_value": "1.2",
"version_affected": "="
},
{
"version_value": "1.3",
"version_affected": "="
},
{
"version_value": "1.4",
"version_affected": "="
},
{
"version_value": "1.5",
"version_affected": "="
},
{
"version_value": "1.6",
"version_affected": "="
},
{
"version_value": "1.7",
"version_affected": "="
},
{
"version_value": "1.8",
"version_affected": "="
},
{
"version_value": "1.9",
"version_affected": "="
},
{
"version_value": "1.0.0",
"version_affected": "="
},
{
"version_value": "2.0",
"version_affected": "="
},
{
"version_value": "2.2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cxagent-gOq9QjqZ"
}
]
},
"source": {
"advisory": "cisco-sa-cxagent-gOq9QjqZ",
"discovery": "INTERNAL",
"defects": [
"CSCwd51828"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
}
]
}

84
2023/20xxx/CVE-2023-20045.json
View File

@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20045",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands using root-level privileges on the affected device. To exploit this vulnerability, the attacker must have valid Administrator-level credentials on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Small Business RV Series Router Firmware",
"version": {
"version_data": [
{
"version_value": "N/A",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-cmd-exe-n47kJQLE",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-cmd-exe-n47kJQLE"
}
]
},
"source": {
"advisory": "cisco-sa-rv-cmd-exe-n47kJQLE",
"discovery": "EXTERNAL",
"defects": [
"CSCwd62514"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
}
]
}

97
2023/20xxx/CVE-2023-20047.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20047",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient resource allocation. An attacker could exploit this vulnerability by sending crafted LLDP traffic to an affected device. A successful exploit could allow the attacker to exhaust the memory resources of the affected device, resulting in a crash of the LLDP process. If the affected device is configured to support LLDP only, this could cause an interruption to inbound and outbound calling. By default, these devices are configured to support both Cisco Discovery Protocol and LLDP. To recover operational state, the affected device needs a manual restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Webex Room Phone",
"version": {
"version_data": [
{
"version_value": "RoomPhone 1.1.0",
"version_affected": "="
},
{
"version_value": "RoomPhone 1.2.0",
"version_affected": "="
},
{
"version_value": "RoomPhone 1.2.0SR1",
"version_affected": "="
},
{
"version_value": "RoomPhone 1.2.0SR2",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-memlk-McOecPT",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-lldp-memlk-McOecPT"
}
]
},
"source": {
"advisory": "cisco-sa-lldp-memlk-McOecPT",
"discovery": "EXTERNAL",
"defects": [
"CSCwb22136",
"CSCwb25580"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
}
]
}

144
2023/20xxx/CVE-2023-20057.json
View File

@ -1,17 +1,153 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20057",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Email Security Appliance (ESA)",
"version": {
"version_data": [
{
"version_value": "10.0.1-087",
"version_affected": "="
},
{
"version_value": "11.0.3-238",
"version_affected": "="
},
{
"version_value": "11.1.0-069",
"version_affected": "="
},
{
"version_value": "11.1.0-131",
"version_affected": "="
},
{
"version_value": "11.1.0-128",
"version_affected": "="
},
{
"version_value": "11.1.1-000",
"version_affected": "="
},
{
"version_value": "11.1.2-000",
"version_affected": "="
},
{
"version_value": "12.0.0-419",
"version_affected": "="
},
{
"version_value": "12.1.0-071",
"version_affected": "="
},
{
"version_value": "12.1.0-087",
"version_affected": "="
},
{
"version_value": "12.1.0-089",
"version_affected": "="
},
{
"version_value": "13.0.0-392",
"version_affected": "="
},
{
"version_value": "13.5.1-277",
"version_affected": "="
},
{
"version_value": "12.5.0-066",
"version_affected": "="
},
{
"version_value": "14.0.0-698",
"version_affected": "="
},
{
"version_value": "14.2.0-620",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-WbMQqNJh",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-url-bypass-WbMQqNJh"
}
]
},
"source": {
"advisory": "cisco-sa-esa-url-bypass-WbMQqNJh",
"discovery": "EXTERNAL",
"defects": [
"CSCwb58117"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

119
2023/20xxx/CVE-2023-20058.json
View File

@ -1,17 +1,128 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-20058",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cisco",
"product": {
"product_data": [
{
"product_name": "Cisco Unified Contact Center Enterprise",
"version": {
"version_data": [
{
"version_value": "N/A",
"version_affected": "="
}
]
}
},
{
"product_name": "Cisco Unified Intelligence Center",
"version": {
"version_data": [
{
"version_value": "11.0(1)",
"version_affected": "="
},
{
"version_value": "11.5(1)",
"version_affected": "="
},
{
"version_value": "11.6(1)",
"version_affected": "="
},
{
"version_value": "12.0(1)",
"version_affected": "="
},
{
"version_value": "12.5(1)",
"version_affected": "="
},
{
"version_value": "12.5(1)SU",
"version_affected": "="
},
{
"version_value": "12.6(1)",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX",
"refsource": "MISC",
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuis-xss-Omm8jyBX"
}
]
},
"source": {
"advisory": "cisco-sa-cuis-xss-Omm8jyBX",
"discovery": "EXTERNAL",
"defects": [
"CSCwc84104"
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
}
]
}

18
2023/23xxx/CVE-2023-23969.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23969",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}