CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-20009

A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or authenticated local attacker to escalate their privilege level and gain root access. The attacker has to have a valid user credential with at least a [[privilege of operator - validate actual name]]. The vulnerability is due to the processing of a specially crafted SNMP configuration file. An attacker could exploit this vulnerability by authenticating to the targeted device and uploading a specially crafted SNMP configuration file that when uploaded could allow for the execution of commands as root. An exploit could allow the attacker to gain root access on the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.2%

CVSS Severity

CVSS v3 Score 6.5

References

Products affected by CVE-2023-20009

Cisco » Email Security Appliance » Version: N/A

cpe:2.3:a:cisco:email_security_appliance:-
Cisco » Email Security Appliance » Version: 10.0.0-203

cpe:2.3:a:cisco:email_security_appliance:10.0.0-203
Cisco » Email Security Appliance » Version: 10.0.0-232

cpe:2.3:a:cisco:email_security_appliance:10.0.0-232
Cisco » Email Security Appliance » Version: 10.1.0-049

cpe:2.3:a:cisco:email_security_appliance:10.1.0-049
Cisco » Email Security Appliance » Version: 11.0.1-hp5-602

cpe:2.3:a:cisco:email_security_appliance:11.0.1-hp5-602
Cisco » Email Security Appliance » Version: 11.1.0-131

cpe:2.3:a:cisco:email_security_appliance:11.1.0-131
Cisco » Email Security Appliance » Version: 11.1.0-404

cpe:2.3:a:cisco:email_security_appliance:11.1.0-404
Cisco » Email Security Appliance » Version: 11.1.2

cpe:2.3:a:cisco:email_security_appliance:11.1.2
Cisco » Email Security Appliance » Version: 11.1.2-023

cpe:2.3:a:cisco:email_security_appliance:11.1.2-023
Cisco » Email Security Appliance » Version: 11.1.8-076

cpe:2.3:a:cisco:email_security_appliance:11.1.8-076
Cisco » Email Security Appliance » Version: 12.0.0

cpe:2.3:a:cisco:email_security_appliance:12.0.0
Cisco » Email Security Appliance » Version: 12.0.0-208

cpe:2.3:a:cisco:email_security_appliance:12.0.0-208
Cisco » Email Security Appliance » Version: 12.0.0-419

cpe:2.3:a:cisco:email_security_appliance:12.0.0-419
Cisco » Email Security Appliance » Version: 12.5.0

cpe:2.3:a:cisco:email_security_appliance:12.5.0
Cisco » Email Security Appliance » Version: 12.5.0-066

cpe:2.3:a:cisco:email_security_appliance:12.5.0-066
Cisco » Email Security Appliance » Version: 12.5.1-031

cpe:2.3:a:cisco:email_security_appliance:12.5.1-031
Cisco » Email Security Appliance » Version: 12.5.1-037

cpe:2.3:a:cisco:email_security_appliance:12.5.1-037
Cisco » Email Security Appliance » Version: 13.0.0

cpe:2.3:a:cisco:email_security_appliance:13.0.0
Cisco » Email Security Appliance » Version: 13.0.0-226

cpe:2.3:a:cisco:email_security_appliance:13.0.0-226
Cisco » Email Security Appliance » Version: 13.0.0-311

cpe:2.3:a:cisco:email_security_appliance:13.0.0-311
Cisco » Email Security Appliance » Version: 13.0.0-314

cpe:2.3:a:cisco:email_security_appliance:13.0.0-314
Cisco » Email Security Appliance » Version: 13.0.0-375

cpe:2.3:a:cisco:email_security_appliance:13.0.0-375
Cisco » Email Security Appliance » Version: 13.0.0-392

cpe:2.3:a:cisco:email_security_appliance:13.0.0-392
Cisco » Email Security Appliance » Version: 13.0.1

cpe:2.3:a:cisco:email_security_appliance:13.0.1
Cisco » Email Security Appliance » Version: 13.5.0

cpe:2.3:a:cisco:email_security_appliance:13.5.0
Cisco » Email Security Appliance » Version: 13.5.1

cpe:2.3:a:cisco:email_security_appliance:13.5.1
Cisco » Email Security Appliance » Version: 14.0.0

cpe:2.3:a:cisco:email_security_appliance:14.0.0
Cisco » Email Security Appliance » Version: 14.0.3-015

cpe:2.3:a:cisco:email_security_appliance:14.0.3-015
Cisco » Email Security Appliance » Version: 14.02.0-020

cpe:2.3:a:cisco:email_security_appliance:14.02.0-020
Cisco » Email Security Appliance » Version: 14.1.0

cpe:2.3:a:cisco:email_security_appliance:14.1.0
Cisco » Email Security Appliance » Version: 14.2.1-015

cpe:2.3:a:cisco:email_security_appliance:14.2.1-015
Cisco » Email Security Appliance » Version: 14.3.0

cpe:2.3:a:cisco:email_security_appliance:14.3.0
Cisco » Email Security Appliance » Version: 14.3.0-020

cpe:2.3:a:cisco:email_security_appliance:14.3.0-020
Cisco » Email Security Appliance » Version: 14.3.0-023

cpe:2.3:a:cisco:email_security_appliance:14.3.0-023
Cisco » Email Security Appliance » Version: 7.1.0

cpe:2.3:a:cisco:email_security_appliance:7.1.0
Cisco » Email Security Appliance » Version: 7.1.1

cpe:2.3:a:cisco:email_security_appliance:7.1.1
Cisco » Email Security Appliance » Version: 7.1.2

cpe:2.3:a:cisco:email_security_appliance:7.1.2
Cisco » Email Security Appliance » Version: 7.1.3

cpe:2.3:a:cisco:email_security_appliance:7.1.3
Cisco » Email Security Appliance » Version: 7.1.4

cpe:2.3:a:cisco:email_security_appliance:7.1.4
Cisco » Email Security Appliance » Version: 7.1.5

cpe:2.3:a:cisco:email_security_appliance:7.1.5
Cisco » Email Security Appliance » Version: 7.3.0

cpe:2.3:a:cisco:email_security_appliance:7.3.0
Cisco » Email Security Appliance » Version: 7.3.1

cpe:2.3:a:cisco:email_security_appliance:7.3.1
Cisco » Email Security Appliance » Version: 7.3.2

cpe:2.3:a:cisco:email_security_appliance:7.3.2
Cisco » Email Security Appliance » Version: 7.5.0

cpe:2.3:a:cisco:email_security_appliance:7.5.0
Cisco » Email Security Appliance » Version: 7.5.1

cpe:2.3:a:cisco:email_security_appliance:7.5.1
Cisco » Email Security Appliance » Version: 7.5.2

cpe:2.3:a:cisco:email_security_appliance:7.5.2
Cisco » Email Security Appliance » Version: 7.5.2-201

cpe:2.3:a:cisco:email_security_appliance:7.5.2-201
Cisco » Email Security Appliance » Version: 7.5.2-hp2-303

cpe:2.3:a:cisco:email_security_appliance:7.5.2-hp2-303
Cisco » Email Security Appliance » Version: 7.6.0

cpe:2.3:a:cisco:email_security_appliance:7.6.0
Cisco » Email Security Appliance » Version: 7.6.1-000

cpe:2.3:a:cisco:email_security_appliance:7.6.1-000
Cisco » Email Security Appliance » Version: 7.6.1-gpl-022

cpe:2.3:a:cisco:email_security_appliance:7.6.1-gpl-022
Cisco » Email Security Appliance » Version: 7.6.2

cpe:2.3:a:cisco:email_security_appliance:7.6.2
Cisco » Email Security Appliance » Version: 7.6.3-000

cpe:2.3:a:cisco:email_security_appliance:7.6.3-000
Cisco » Email Security Appliance » Version: 7.6.3-025

cpe:2.3:a:cisco:email_security_appliance:7.6.3-025
Cisco » Email Security Appliance » Version: 7.7.0-000

cpe:2.3:a:cisco:email_security_appliance:7.7.0-000
Cisco » Email Security Appliance » Version: 7.7.1-000

cpe:2.3:a:cisco:email_security_appliance:7.7.1-000
Cisco » Email Security Appliance » Version: 7.8.0

cpe:2.3:a:cisco:email_security_appliance:7.8.0
Cisco » Email Security Appliance » Version: 7.8.0-311

cpe:2.3:a:cisco:email_security_appliance:7.8.0-311
Cisco » Email Security Appliance » Version: 8.0.1-023

cpe:2.3:a:cisco:email_security_appliance:8.0.1-023
Cisco » Email Security Appliance » Version: 8.0_base

cpe:2.3:a:cisco:email_security_appliance:8.0_base
Cisco » Email Security Appliance » Version: 8.5.0-000

cpe:2.3:a:cisco:email_security_appliance:8.5.0-000
Cisco » Email Security Appliance » Version: 8.5.0-er1-198

cpe:2.3:a:cisco:email_security_appliance:8.5.0-er1-198
Cisco » Email Security Appliance » Version: 8.5.1-021

cpe:2.3:a:cisco:email_security_appliance:8.5.1-021
Cisco » Email Security Appliance » Version: 8.5.6-052

cpe:2.3:a:cisco:email_security_appliance:8.5.6-052
Cisco » Email Security Appliance » Version: 8.5.6-073

cpe:2.3:a:cisco:email_security_appliance:8.5.6-073
Cisco » Email Security Appliance » Version: 8.5.6-074

cpe:2.3:a:cisco:email_security_appliance:8.5.6-074
Cisco » Email Security Appliance » Version: 8.5.6-106

cpe:2.3:a:cisco:email_security_appliance:8.5.6-106
Cisco » Email Security Appliance » Version: 8.5.6-113

cpe:2.3:a:cisco:email_security_appliance:8.5.6-113
Cisco » Email Security Appliance » Version: 8.5.7-042

cpe:2.3:a:cisco:email_security_appliance:8.5.7-042
Cisco » Email Security Appliance » Version: 8.6.0

cpe:2.3:a:cisco:email_security_appliance:8.6.0
Cisco » Email Security Appliance » Version: 8.6.0-011

cpe:2.3:a:cisco:email_security_appliance:8.6.0-011
Cisco » Email Security Appliance » Version: 8.9.0

cpe:2.3:a:cisco:email_security_appliance:8.9.0
Cisco » Email Security Appliance » Version: 8.9.1-000

cpe:2.3:a:cisco:email_security_appliance:8.9.1-000
Cisco » Email Security Appliance » Version: 8.9.2-032

cpe:2.3:a:cisco:email_security_appliance:8.9.2-032
Cisco » Email Security Appliance » Version: 9.0.0

cpe:2.3:a:cisco:email_security_appliance:9.0.0
Cisco » Email Security Appliance » Version: 9.0.0-212

cpe:2.3:a:cisco:email_security_appliance:9.0.0-212
Cisco » Email Security Appliance » Version: 9.0.0-461

cpe:2.3:a:cisco:email_security_appliance:9.0.0-461
Cisco » Email Security Appliance » Version: 9.0.5-000

cpe:2.3:a:cisco:email_security_appliance:9.0.5-000
Cisco » Email Security Appliance » Version: 9.1.0

cpe:2.3:a:cisco:email_security_appliance:9.1.0
Cisco » Email Security Appliance » Version: 9.1.0-011

cpe:2.3:a:cisco:email_security_appliance:9.1.0-011
Cisco » Email Security Appliance » Version: 9.1.0-032

cpe:2.3:a:cisco:email_security_appliance:9.1.0-032
Cisco » Email Security Appliance » Version: 9.1.0-101

cpe:2.3:a:cisco:email_security_appliance:9.1.0-101
Cisco » Email Security Appliance » Version: 9.1.1-000

cpe:2.3:a:cisco:email_security_appliance:9.1.1-000
Cisco » Email Security Appliance » Version: 9.1.1-036

cpe:2.3:a:cisco:email_security_appliance:9.1.1-036
Cisco » Email Security Appliance » Version: 9.4.0

cpe:2.3:a:cisco:email_security_appliance:9.4.0
Cisco » Email Security Appliance » Version: 9.4.4-000

cpe:2.3:a:cisco:email_security_appliance:9.4.4-000
Cisco » Email Security Appliance » Version: 9.5.0-000

cpe:2.3:a:cisco:email_security_appliance:9.5.0-000
Cisco » Email Security Appliance » Version: 9.5.0-201

cpe:2.3:a:cisco:email_security_appliance:9.5.0-201
Cisco » Email Security Appliance » Version: 9.6.0-000

cpe:2.3:a:cisco:email_security_appliance:9.6.0-000
Cisco » Email Security Appliance » Version: 9.6.0-042

cpe:2.3:a:cisco:email_security_appliance:9.6.0-042
Cisco » Email Security Appliance » Version: 9.6.0-051

cpe:2.3:a:cisco:email_security_appliance:9.6.0-051
Cisco » Email Security Appliance » Version: 9.7.0-125

cpe:2.3:a:cisco:email_security_appliance:9.7.0-125
Cisco » Email Security Appliance » Version: 9.7.1-066

cpe:2.3:a:cisco:email_security_appliance:9.7.1-066
Cisco » Email Security Appliance » Version: 9.7.1-hp2-207

cpe:2.3:a:cisco:email_security_appliance:9.7.1-hp2-207
Cisco » Email Security Appliance » Version: 9.7.2-065

cpe:2.3:a:cisco:email_security_appliance:9.7.2-065
Cisco » Email Security Appliance » Version: 9.8.5-085

cpe:2.3:a:cisco:email_security_appliance:9.8.5-085
Cisco » Email Security Appliance » Version: 9.9.6-026

cpe:2.3:a:cisco:email_security_appliance:9.9.6-026
Cisco » Email Security Appliance » Version: 9.9_base

cpe:2.3:a:cisco:email_security_appliance:9.9_base
Cisco » Secure Email And Web Manager » Version: N/A

cpe:2.3:a:cisco:secure_email_and_web_manager:-
Cisco » Secure Email And Web Manager » Version: 12.0.0

cpe:2.3:a:cisco:secure_email_and_web_manager:12.0.0
Cisco » Secure Email And Web Manager » Version: 12.5.0

cpe:2.3:a:cisco:secure_email_and_web_manager:12.5.0
Cisco » Secure Email And Web Manager » Version: 13.8.0

cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.0
Cisco » Secure Email And Web Manager » Version: 13.8.1

cpe:2.3:a:cisco:secure_email_and_web_manager:13.8.1
Cisco » Secure Email And Web Manager » Version: 14.0.0

cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0
Cisco » Secure Email And Web Manager » Version: 14.0.0-418

cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.0-418
Cisco » Secure Email And Web Manager » Version: 14.0.1-033

cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-033
Cisco » Secure Email And Web Manager » Version: 14.0.1-053

cpe:2.3:a:cisco:secure_email_and_web_manager:14.0.1-053
Cisco » Secure Email And Web Manager » Version: 14.1.0

cpe:2.3:a:cisco:secure_email_and_web_manager:14.1.0
Cisco » Secure Email And Web Manager » Version: 14.1.0-239

cpe:2.3:a:cisco:secure_email_and_web_manager:14.1.0-239
Cisco » Secure Email And Web Manager » Version: 14.2.0

cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.0
Cisco » Secure Email And Web Manager » Version: 14.2.0-217

cpe:2.3:a:cisco:secure_email_and_web_manager:14.2.0-217
Cisco » Secure Email And Web Manager » Version: 14.3.0

cpe:2.3:a:cisco:secure_email_and_web_manager:14.3.0
Cisco » Secure Email And Web Manager » Version: 14.3.0-115

cpe:2.3:a:cisco:secure_email_and_web_manager:14.3.0-115

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-20009

Products

Pricing

Contact Us