MEDIUM · 5.3

CVE-2023-20012

Vulnerability Description

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Attack Vector: PHYSICAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

Affected Products

Vendor | Product | Versions
Cisco | Nexus 93180Yc-Fx3S Firmware | -
Cisco | Nexus 93180Yc-Fx3S | -
Cisco | Nexus 93180Yc-Fx3 Firmware | -
Cisco | Nexus 93180Yc-Fx3 | -
Cisco | Ucs Central Software | >= 4.2, < 4.2(2d)
Cisco | Ucs 6536 Firmware | -
Cisco | Ucs 6536 | -
Cisco | Ucs 64108 Firmware | -
Cisco | Ucs 64108 | -
Cisco | Ucs 6454 Firmware | -
Cisco | Ucs 6454 | -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-20012?

CVE-2023-20012 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication.

How severe is CVE-2023-20012?

CVE-2023-20012 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2023-20012?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nexus 93180Yc-Fx3S Firmware, Cisco Nexus 93180Yc-Fx3S, Cisco Nexus 93180Yc-Fx3 Firmware, Cisco Nexus 93180Yc-Fx3, Cisco Ucs Central Software.