CVE-2023-20168

CVE Database · CVE-2023-20168

CVE-2023-20168

· HIGHModified

CVSS v3.1

7.1

EPSS

0.21%

Published

Aug 23, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-120CWE-20

Affected Products (87)

cisco · nx-osvulnerable

cisco · nexus_3048

cisco · nexus_31108pc-v

cisco · nexus_31108tc-v

cisco · nexus_31128pq

cisco · nexus_3132c-z

cisco · nexus_3132q-v

cisco · nexus_3132q-xl

cisco · nexus_3164q

cisco · nexus_3172pq

cisco · nexus_3172pq-xl

cisco · nexus_3172tq

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs