Home / Threat Intelligence bulletins / Cisco releases patches for two critical vulnerabilities

Target Industry

Indiscriminate, opportunistic targeting.


Cisco disclosed patches for two critical vulnerabilities, tracked as CVE-2023-20036 (CVSSv3 score: 9.9) and CVE-2023-20154 (CVSSv3 score: 9.1). The former pertains to a command injection flaw in the Cisco Industrial Network Director and has emerged as a result of an improper input validation when uploading a Device Pack, whereas the latter relates to the external authentication mechanism of the Modeling Labs network simulation platform.


Successful exploitation of CVE-2023-20036 could allow a threat actor to execute arbitrary commands as NT AUTHORITY\SYSTEM on the underlying operating system of an affected device.

Successful exploitation of CVE-2023-20154 could grant an unauthenticated, remote threat actor with access to the web interface with administrative privileges.

Vulnerability Detection

Cisco has released patches for the vulnerabilities. As such, previous versions are vulnerable to potential exploit.

Affected Products

CVE-2023-20036: Cisco IND

CVE-2023-20154: This vulnerability affects the following Cisco products if they are configured with LDAP authentication: Modeling Labs for Education, Modeling Labs Enterprise and Modeling Labs – Not For Resale

Containment, Mitigations & Remediations

CVE-2023-20036: It is strongly recommended that users of the associated product apply the patches that have been made available in version 1.11.3.

CVE-2023-20154: It is strongly recommended that users of the associated product apply the patches that have been made available in version 2.5.1. It should be noted that a workaround also exists with regards to CVE-2023-20154.

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available at this time.

Threat Landscape

Cisco has a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have become a prime target. Due to the fact that Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities contained within the associated products in an attempt to extract the sensitive data contained therein.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies


TA0002 – Execution


TA0004 – Privilege Escalation

Further Information

Cisco Advisory

Intelligence Terminology Yardstick