- 300/2023
- Medium
Cisco has released security updates to fix multiple vulnerabilities across several products.
The addressed vulnerabilities could allow the attacker to bypass security, perform cross-site scripting attacks, gain elevated privileges, or trigger denial of services attacks on the affected products.
Sample of the addressed vulnerabilities:
1. Cisco Identity Services Engine Security Bypass (CVE-2023-20272):
- CVSS: 6.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Bypass Security
2. Cisco AppDynamics PHP Agent Privilege Escalation (CVE-2023-20274):
- CVSS: 6.3
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privileges
Vulnerabilities
- CVE-2023-20084
- CVE-2023-20208
- CVE-2023-20240
- CVE-2023-20241
- CVE-2023-20265
- CVE-2023-20272
- CVE-2023-20274
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.