mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
171 lines
7.5 KiB
JSON
171 lines
7.5 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2023-20039",
|
|
"ASSIGNER": "psirt@cisco.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data.\r\n\r\nThis vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. "
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Files or Directories Accessible to External Parties",
|
|
"cweId": "CWE-552"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "Cisco",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Cisco Industrial Network Director",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.3.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.6.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.7.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.6.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.5.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.2.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.0.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.8.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.0.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.3.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.7.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.5.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.1.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.4.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.1.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.9.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.10.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.11.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.11.2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "1.11.1"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V",
|
|
"refsource": "MISC",
|
|
"name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "cisco-sa-ind-CAeLFk6V",
|
|
"discovery": "EXTERNAL",
|
|
"defects": [
|
|
"CSCwc29352"
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"attackVector": "LOCAL",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "HIGH",
|
|
"availabilityImpact": "NONE"
|
|
}
|
|
]
|
|
}
|
|
} |