Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-20016
HistoryFeb 23, 2023 - 8:15 p.m.

CVE-2023-20016

2023-02-2320:15:13
CWE-330
CWE-321
[email protected]
web.nvd.nist.gov
1
vulnerability
cisco ucs manager
fxos software
unauthenticated access
decrypt sensitive information
backup files

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0

Percentile

5.1%

JSON

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.

Affected configurations

Nvd
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6536_firmwareMatch-
AND
ciscoucs_6536Match-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_64108_firmwareMatch-
AND
ciscoucs_64108Match-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6454_firmwareMatch-
AND
ciscoucs_6454Match-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6200_firmwareMatch-
AND
ciscoucs_6200Match-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6248up_firmwareMatch-
AND
ciscoucs_6248upMatch-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6296up_firmwareMatch-
AND
ciscoucs_6296upMatch-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6300_firmwareMatch-
AND
ciscoucs_6300Match-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6324_firmwareMatch-
AND
ciscoucs_6324Match-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6332_firmwareMatch-
AND
ciscoucs_6332Match-
Node
ciscoucs_central_softwareRange<4.2\(3c\)
OR
ciscoucs_6332-16up_firmwareMatch-
AND
ciscoucs_6332-16upMatch-
Node
ciscofxosRange<2.6.1
AND
ciscofirepower_4100Match-
OR
ciscofirepower_4110Match-
OR
ciscofirepower_4112Match-
OR
ciscofirepower_4115Match-
OR
ciscofirepower_4120Match-
OR
ciscofirepower_4125Match-
OR
ciscofirepower_4140Match-
OR
ciscofirepower_4145Match-
OR
ciscofirepower_4150Match-
OR
ciscofirepower_9300_sm-24Match-
OR
ciscofirepower_9300_sm-36Match-
OR
ciscofirepower_9300_sm-40Match-
OR
ciscofirepower_9300_sm-44Match-
OR
ciscofirepower_9300_sm-44_x_3Match-
OR
ciscofirepower_9300_sm-48Match-
OR
ciscofirepower_9300_sm-56Match-
OR
ciscofirepower_9300_sm-56_x_3Match-
VendorProductVersionCPE
ciscoucs_central_software*cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*
ciscoucs_6536_firmware-cpe:2.3:o:cisco:ucs_6536_firmware:-:*:*:*:*:*:*:*
ciscoucs_6536-cpe:2.3:h:cisco:ucs_6536:-:*:*:*:*:*:*:*
ciscoucs_64108_firmware-cpe:2.3:o:cisco:ucs_64108_firmware:-:*:*:*:*:*:*:*
ciscoucs_64108-cpe:2.3:h:cisco:ucs_64108:-:*:*:*:*:*:*:*
ciscoucs_6454_firmware-cpe:2.3:o:cisco:ucs_6454_firmware:-:*:*:*:*:*:*:*
ciscoucs_6454-cpe:2.3:h:cisco:ucs_6454:-:*:*:*:*:*:*:*
ciscoucs_6200_firmware-cpe:2.3:o:cisco:ucs_6200_firmware:-:*:*:*:*:*:*:*
ciscoucs_6200-cpe:2.3:h:cisco:ucs_6200:-:*:*:*:*:*:*:*
ciscoucs_6248up_firmware-cpe:2.3:o:cisco:ucs_6248up_firmware:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 391

Related

cve 1
cisco 1
cvelist 1
prion 1
cve
cve
CVE-2023-20016
2023-02-23 20:15:13
cisco
cisco
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability
2023-02-22 16:00:00
cvelist
cvelist
CVE-2023-20016 Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability
2023-02-23 00:00:00
prion
prion
Authorization
2023-02-23 20:15:00

CVSS3

6.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score

6.3

Confidence

High

EPSS

0

Percentile

5.1%

JSON
Related for NVD:CVE-2023-20016
cve1cisco1cvelist1prion1