CVE-2023-20012

2023-02-23 20:15:13
CWE-287
cisco
web.nvd.nist.gov
cisco
nexus
9300-fx3
fex
cli
authentication
vulnerability
cisco vulnerability
dos
nvd

CVSS3: 5.3
Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

AI Score: 5.2
Confidence: High

EPSS: 0.001
Percentile: 21.5%

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.

Affected configurations

Nvd

Node
cisco | nexus_93180yc-fx3s_firmware | Match | -
AND
cisco | nexus_93180yc-fx3s | Match | -

Node
cisco | nexus_93180yc-fx3_firmware | Match | -
AND
cisco | nexus_93180yc-fx3 | Match | -

Node
cisco | ucs_central_software | Range | 4.2 - 4.2\(2d\)
OR
cisco | ucs_6536_firmware | Match | -
AND
cisco | ucs_6536 | Match | -

Node
cisco | ucs_central_software | Range | 4.2 - 4.2\(2d\)
OR
cisco | ucs_64108_firmware | Match | -
AND
cisco | ucs_64108 | Match | -

Node
cisco | ucs_central_software | Range | 4.2 - 4.2\(2d\)
OR
cisco | ucs_6454_firmware | Match | -
AND
cisco | ucs_6454 | Match | -

Vendor | Product | Version | CPE
cisco | nexus_93180yc-fx3s_firmware | - | cpe:2.3:o:cisco:nexus_93180yc-fx3s_firmware:-:*:*:*:*:*:*:*
cisco | nexus_93180yc-fx3s | - | cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*
cisco | nexus_93180yc-fx3_firmware | - | cpe:2.3:o:cisco:nexus_93180yc-fx3_firmware:-:*:*:*:*:*:*:*
cisco | nexus_93180yc-fx3 | - | cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*
cisco | ucs_central_software | * | cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*
cisco | ucs_6536_firmware | - | cpe:2.3:o:cisco:ucs_6536_firmware:-:*:*:*:*:*:*:*
cisco | ucs_6536 | - | cpe:2.3:h:cisco:ucs_6536:-:*:*:*:*:*:*:*
cisco | ucs_64108_firmware | - | cpe:2.3:o:cisco:ucs_64108_firmware:-:*:*:*:*:*:*:*
cisco | ucs_64108 | - | cpe:2.3:h:cisco:ucs_64108:-:*:*:*:*:*:*:*
cisco | ucs_6454_firmware | - | cpe:2.3:o:cisco:ucs_6454_firmware:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Unified Computing System (Managed) ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]
