CVE-2023-20012

CVE Database · CVE-2023-20012

CVE-2023-20012

· MEDIUMModified

CVSS v3.1

5.3

EPSS

0.29%

Published

Feb 23, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-287CWE-287

Affected Products (13)

cisco · nexus_93180yc-fx3s_firmwarevulnerable

cisco · nexus_93180yc-fx3s

cisco · nexus_93180yc-fx3_firmwarevulnerable

cisco · nexus_93180yc-fx3

cisco · ucs_central_software (up to 4.2\(2d\))vulnerable

cisco · ucs_6536_firmwarevulnerable

cisco · ucs_6536

cisco · ucs_central_software (up to 4.2\(2d\))vulnerable

cisco · ucs_64108_firmwarevulnerable

cisco · ucs_64108

cisco · ucs_central_software

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs