A vulnerability in Cisco Intersight Virtual Appliance...
Moderate severity
Unreviewed
Published
Aug 17, 2023
to the GitHub Advisory Database
•
Updated Jan 25, 2024
Description
Published by the National Vulnerability Database
Aug 16, 2023
Published to the GitHub Advisory Database
Aug 17, 2023
Last updated
Jan 25, 2024
A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible.
This vulnerability is due to insufficient restrictions on internally accessible http proxies. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker access to internal subnets beyond the sphere of their intended access level.
References