Lucene search

[email protected]NVD:CVE-2023-20168

HistoryAug 23, 2023 - 7:15 p.m.

CVE-2023-20168

2023-08-2319:15:07

CWE-20

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-20168

authentication vulnerability

cisco nx-os software

unexpected device reload

denial of service

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.3%

JSON

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

Affected configurations

NVD

Node

cisconx-osMatch9.3\(11\)

cisconx-osMatch10.2\(5\)

AND

cisconexus_3048Match-

cisconexus_31108pc-vMatch-

cisconexus_31108tc-vMatch-

cisconexus_31128pqMatch-

cisconexus_3132c-zMatch-

cisconexus_3132q-vMatch-

cisconexus_3132q-xlMatch-

cisconexus_3164qMatch-

cisconexus_3172pqMatch-

cisconexus_3172pq-xlMatch-

cisconexus_3172tqMatch-

cisconexus_3172tq-32tMatch-

cisconexus_3172tq-xlMatch-

cisconexus_3232Match-

cisconexus_3264c-eMatch-

cisconexus_3264qMatch-

cisconexus_3408-sMatch-

cisconexus_34180ycMatch-

cisconexus_34200yc-smMatch-

cisconexus_3432d-sMatch-

cisconexus_3464cMatch-

cisconexus_3524Match-

cisconexus_3524-xMatch-

cisconexus_3524-xlMatch-

cisconexus_3548Match-

cisconexus_3548-xMatch-

cisconexus_3548-xlMatch-

cisconexus_36180yc-rMatch-

cisconexus_9232eMatch-

cisconexus_92348gc-xMatch-

cisconexus_9408Match-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

Node

cisconx-osMatch-

AND

ciscomds_9000Match-

ciscomds_9100Match-

ciscomds_9132tMatch-

ciscomds_9134Match-

ciscomds_9140Match-

ciscomds_9148Match-

ciscomds_9148sMatch-

ciscomds_9148tMatch-

ciscomds_9200Match-

ciscomds_9216Match-

ciscomds_9216aMatch-

ciscomds_9216iMatch-

ciscomds_9222iMatch-

ciscomds_9250iMatch-

ciscomds_9396sMatch-

ciscomds_9396tMatch-

ciscomds_9500Match-

ciscomds_9506Match-

ciscomds_9509Match-

ciscomds_9513Match-

ciscomds_9700Match-

ciscomds_9706Match-

ciscomds_9710Match-

ciscomds_9718Match-

cisconexus_1000_virtual_edgeMatch-vmware_vsphere

cisconexus_1000vMatch-microsoft_hyper-v

cisconexus_1000vMatch-vmware_vsphere

cisconexus_5500Match-

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_5600Match-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5672up-16gMatch-

cisconexus_5696qMatch-

cisconexus_6000Match-

cisconexus_6001Match-

cisconexus_6001pMatch-

cisconexus_6001tMatch-

cisconexus_6004Match-

cisconexus_6004xMatch-

cisconexus_7000Match-

cisconexus_7004Match-

cisconexus_7009Match-

cisconexus_7010Match-

cisconexus_7018Match-

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m

6.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for NVD:CVE-2023-20168

nessus2 prion1 cisco1 cvelist1 cve1