1. Home
  2. CVE Database
  3. CVE-2023-20168
HIGH · 7.1

CVE-2023-20168

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerabili...

Vulnerability Description

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
CiscoNx-Os9.3\(11\)
CiscoNexus 3048-
CiscoNexus 31108Pc-V-
CiscoNexus 31108Tc-V-
CiscoNexus 31128Pq-
CiscoNexus 3132C-Z-
CiscoNexus 3132Q-V-
CiscoNexus 3132Q-Xl-
CiscoNexus 3164Q-
CiscoNexus 3172Pq-
CiscoNexus 3172Pq-Xl-
CiscoNexus 3172Tq-
CiscoNexus 3172Tq-32T-
CiscoNexus 3172Tq-Xl-
CiscoNexus 3232-
CiscoNexus 3264C-E-
CiscoNexus 3264Q-
CiscoNexus 3408-S-
CiscoNexus 34180Yc-
CiscoNexus 34200Yc-Sm-

Related Weaknesses (CWE)

CWE-20CWE-120

References

FAQ

What is CVE-2023-20168?

CVE-2023-20168 is a vulnerability with a CVSS score of 7.1 (HIGH). A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerabili...

How severe is CVE-2023-20168?

CVE-2023-20168 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20168?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Nx-Os, Cisco Nexus 3048, Cisco Nexus 31108Pc-V, Cisco Nexus 31108Tc-V, Cisco Nexus 31128Pq.