Sign-up

ID

VAR-202304-1774


CVE

CVE-2023-20039


TITLE

Cisco Systems  Cisco Industrial Network Director  Vulnerability in externally accessible files or directories in

Trust: 0.8

sources: JVNDB: JVNDB-2023-029526

DESCRIPTION

A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data. This vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. . Cisco Systems Cisco Industrial Network Director Exists in a vulnerability in externally accessible files or directories.Information may be obtained. For more information about these vulnerabilities, see the Details section of this advisory. This advisory is available at the following link:sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V

Trust: 1.71

sources: NVD: CVE-2023-20039 // JVNDB: JVNDB-2023-029526 // VULMON: CVE-2023-20039

AFFECTED PRODUCTS

vendor:ciscomodel:industrial network directorscope:ltversion:1.11.3

Trust: 1.0

vendor:シスコシステムズmodel:cisco industrial network directorscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco industrial network directorscope:eqversion:1.11.3

Trust: 0.8

sources: JVNDB: JVNDB-2023-029526 // NVD: CVE-2023-20039

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com: CVE-2023-20039
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2023-20039
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-20039
value: MEDIUM

Trust: 0.8

psirt@cisco.com: CVE-2023-20039
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2023-20039
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2023-20039
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-029526 // NVD: CVE-2023-20039 // NVD: CVE-2023-20039

PROBLEMTYPE DATA

problemtype:CWE-552

Trust: 1.0

problemtype:Externally accessible file or directory (CWE-552) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-029526 // NVD: CVE-2023-20039

PATCH

title:cisco-sa-ind-CAeLFk6Vurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V

Trust: 0.8

title:Cisco: Cisco Industrial Network Director Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ind-CAeLFk6V

Trust: 0.1

sources: VULMON: CVE-2023-20039 // JVNDB: JVNDB-2023-029526

EXTERNAL IDS

db:NVDid:CVE-2023-20039

Trust: 2.7

db:JVNDBid:JVNDB-2023-029526

Trust: 0.8

db:VULMONid:CVE-2023-20039

Trust: 0.1

sources: VULMON: CVE-2023-20039 // JVNDB: JVNDB-2023-029526 // NVD: CVE-2023-20039

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ind-caelfk6v

Trust: 1.1

url:https://nvd.nist.gov/vuln/detail/cve-2023-20039

Trust: 0.8

sources: VULMON: CVE-2023-20039 // JVNDB: JVNDB-2023-029526 // NVD: CVE-2023-20039

SOURCES

db:VULMONid:CVE-2023-20039
db:JVNDBid:JVNDB-2023-029526
db:NVDid:CVE-2023-20039

LAST UPDATE DATE

2025-08-15T05:32:40.002000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2023-029526date:2025-08-12T05:51:00
db:NVDid:CVE-2023-20039date:2025-08-11T17:33:59.200

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2023-029526date:2025-08-12T00:00:00
db:NVDid:CVE-2023-20039date:2024-11-15T16:15:25.157