How severe is CVE-2023-20194?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.9 out of 10.

What type of vulnerability is CVE-2023-20194?

This is classified as CWE-268, which is a common weakness in software security.

CVE-2023-20194 - MEDIUM Severity | CVSS 4.9

Vulnerability Description

A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings.

Related Vulnerabilities

CVE-2022-1003

MEDIUM

CVSS:4.9(Medium)

One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way th...

CWE-2682022

CVE-2025-20112

MEDIUM

CVSS:5.1(Medium)

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vu...

CWE-2682025

CVE-2023-0759

MEDIUM

CVSS:5.3(Medium)

Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.

CWE-2682023

CVE-2019-3844

MEDIUM

CVSS:4.5(Medium)

It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transie...

CWE-2682019

CVE-2025-32955

MEDIUM

CVSS:6.0(Medium)

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a polic...

CWE-2682025

CVE-2024-1250

MEDIUM

CVSS:6.5(Medium)

An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to...

CWE-2682024