Privilege escalation in Cisco Broadworks_application_delivery_platform
CVE-2023-20216
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect imp…
Vulnerability class: Privilege Escalation
EPSS: 0.001 (4.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N.
Affected products
- Cisco Broadworks_application_delivery_platform
- Cisco Broadworks_application_server
- Cisco Broadworks_database_server
- Cisco Broadworks_execution_server
- Cisco Broadworks_media_server
- Cisco Broadworks_network_database_server
- Cisco Broadworks_network_function_manager
- Cisco Broadworks_network_server
- Cisco Broadworks_profile_server
- Cisco Broadworks_service_control_function_server
Weakness classification (CWE)
References
- psirt@cisco.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-20216?
- CVE-2023-20216 is a medium-severity vulnerability in Cisco Broadworks_application_delivery_platform, classified under Improper Privilege Management. CVSS score: 4.4/10. Published 2023-08-03.
- How severe is CVE-2023-20216?
- Medium severity. CVSS v3 base score is 4.4 out of 10.