Improper input validation in Cisco Secure Email
CVE-2023-20009
A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and/or authenticated local attacker to escalate their pr…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.003 (54.5th percentile)
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Cisco Secure Email — versions 11.0.3-238, 11.1.0-069, 11.1.0-131
- Cisco Secure Email And Web Manager — versions 11.0.0-115, 11.0.1-161, 11.5.1-105
Frequently asked questions
- What is CVE-2023-20009?
- CVE-2023-20009 is a medium-severity vulnerability in Cisco Secure Email, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2023-02-16.
- How severe is CVE-2023-20009?
- Medium severity. CVSS v3 base score is 6.5 out of 10.