CVE-2023-20012
Last modified
CVE-2023-20012 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Nexus 93180yc-Fx3s Firmware | All versions |
| Cisco | Nexus 93180yc-Fx3 Firmware | All versions |
| Cisco | Ucs Central Software | >= 4.2, < 4.2\(2d\) |
| Cisco | Ucs 6536 Firmware | All versions |
| Cisco | Ucs 64108 Firmware | All versions |
| Cisco | Ucs 6454 Firmware | All versions |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-20012?
How severe is CVE-2023-20012?
How do I fix CVE-2023-20012?
Are you affected by CVE-2023-20012?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST