CVE-2023-20012

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.

CVSS v3.0 4.6 MEDIUM

4.6^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx	Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:nexus_93180yc-fx3s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:nexus_93180yc-fx3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6536_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6536:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_64108_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_64108:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6454_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6454:-:*:*:*:*:*:*:*

Information

Published : 2023-02-23 12:15

Updated : 2023-03-13 09:30

NVD link : CVE-2023-20012

Mitre link : CVE-2023-20012

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

cisco

ucs_64108
ucs_64108_firmware
nexus_93180yc-fx3_firmware
ucs_6454_firmware
ucs_6536
ucs_6536_firmware
ucs_central_software
nexus_93180yc-fx3
nexus_93180yc-fx3s
ucs_6454
nexus_93180yc-fx3s_firmware

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx", "name": "20230223 Cisco Nexus 9300-FX3 Series Fabric Extender for UCS Fabric Interconnects Authentication Bypass Vulnerability", "tags": ["Vendor Advisory"], "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-20012", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.9}}, "publishedDate": "2023-02-23T20:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:nexus_93180yc-fx3s_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3s:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:cisco:nexus_93180yc-fx3_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:nexus_93180yc-fx3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.2\\(2d\\)", "versionStartIncluding": "4.2"}, {"cpe23Uri": "cpe:2.3:o:cisco:ucs_6536_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:ucs_6536:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.2\\(2d\\)", "versionStartIncluding": "4.2"}, {"cpe23Uri": "cpe:2.3:o:cisco:ucs_64108_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:ucs_64108:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.2\\(2d\\)", "versionStartIncluding": "4.2"}, {"cpe23Uri": "cpe:2.3:o:cisco:ucs_6454_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:cisco:ucs_6454:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-13T16:30Z"}