Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2023-20115
HistoryAug 23, 2023 - 7:15 p.m.

CVE-2023-20115

2023-08-2319:15:07
CWE-671
[email protected]
web.nvd.nist.gov
8
cisco
nexus switches
download
overwrite
vulnerability
sftp
authentication
operating system
workaround

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.9%

JSON

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device.

This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user.

There are workarounds that address this vulnerability.

Affected configurations

Nvd
Node
cisconx-osMatch9.2\(1\)
OR
cisconx-osMatch9.2\(2\)
OR
cisconx-osMatch9.2\(2t\)
OR
cisconx-osMatch9.2\(2v\)
OR
cisconx-osMatch9.2\(3\)
OR
cisconx-osMatch9.2\(4\)
OR
cisconx-osMatch9.3\(1\)
OR
cisconx-osMatch9.3\(2\)
OR
cisconx-osMatch9.3\(3\)
OR
cisconx-osMatch9.3\(4\)
OR
cisconx-osMatch9.3\(5\)
OR
cisconx-osMatch9.3\(6\)
OR
cisconx-osMatch9.3\(7\)
OR
cisconx-osMatch9.3\(7a\)
OR
cisconx-osMatch9.3\(8\)
OR
cisconx-osMatch9.3\(9\)
OR
cisconx-osMatch9.3\(10\)
OR
cisconx-osMatch9.3\(11\)
OR
cisconx-osMatch10.1\(1\)
OR
cisconx-osMatch10.1\(2\)
OR
cisconx-osMatch10.1\(2t\)
OR
cisconx-osMatch10.2\(1\)
OR
cisconx-osMatch10.2\(1q\)
OR
cisconx-osMatch10.2\(2\)
OR
cisconx-osMatch10.2\(3\)
OR
cisconx-osMatch10.2\(3t\)
OR
cisconx-osMatch10.2\(4\)
OR
cisconx-osMatch10.2\(5\)
OR
cisconx-osMatch10.3\(1\)
OR
cisconx-osMatch10.3\(2\)
AND
cisconexus_3048Match-
OR
cisconexus_31108pc-vMatch-
OR
cisconexus_31108tc-vMatch-
OR
cisconexus_31128pqMatch-
OR
cisconexus_3132c-zMatch-
OR
cisconexus_3132q-vMatch-
OR
cisconexus_3132q-xlMatch-
OR
cisconexus_3164qMatch-
OR
cisconexus_3172pqMatch-
OR
cisconexus_3172pq-xlMatch-
OR
cisconexus_3172tqMatch-
OR
cisconexus_3172tq-32tMatch-
OR
cisconexus_3172tq-xlMatch-
OR
cisconexus_3232cMatch-
OR
cisconexus_3264c-eMatch-
OR
cisconexus_3264qMatch-
OR
cisconexus_3408-sMatch-
OR
cisconexus_34180ycMatch-
OR
cisconexus_34200yc-smMatch-
OR
cisconexus_3432d-sMatch-
OR
cisconexus_3464cMatch-
OR
cisconexus_3524Match-
OR
cisconexus_3524-xMatch-
OR
cisconexus_3524-xlMatch-
OR
cisconexus_3548Match-
OR
cisconexus_3548-xMatch-
OR
cisconexus_3548-xlMatch-
OR
cisconexus_36180yc-rMatch-
OR
cisconexus_3636c-rMatch-
OR
cisconexus_9000vMatch-
OR
cisconexus_92160yc-xMatch-
OR
cisconexus_92300ycMatch-
OR
cisconexus_92304qcMatch-
OR
cisconexus_9232eMatch-
OR
cisconexus_92348gc-xMatch-
OR
cisconexus_9236cMatch-
OR
cisconexus_9272qMatch-
OR
cisconexus_93108tc-exMatch-
OR
cisconexus_93108tc-ex-24Match-
OR
cisconexus_93108tc-fxMatch-
OR
cisconexus_93108tc-fx-24Match-
OR
cisconexus_93108tc-fx3hMatch-
OR
cisconexus_93108tc-fx3pMatch-
OR
cisconexus_93120txMatch-
OR
cisconexus_93128txMatch-
OR
cisconexus_9316d-gxMatch-
OR
cisconexus_93180lc-exMatch-
OR
cisconexus_93180yc-exMatch-
OR
cisconexus_93180yc-ex-24Match-
OR
cisconexus_93180yc-fxMatch-
OR
cisconexus_93180yc-fx-24Match-
OR
cisconexus_93180yc-fx3Match-
OR
cisconexus_93180yc-fx3hMatch-
OR
cisconexus_93180yc-fx3sMatch-
OR
cisconexus_93216tc-fx2Match-
OR
cisconexus_93240yc-fx2Match-
OR
cisconexus_9332cMatch-
OR
cisconexus_9332d-gx2bMatch-
OR
cisconexus_9332d-h2rMatch-
OR
cisconexus_9332pqMatch-
OR
cisconexus_93360yc-fx2Match-
OR
cisconexus_9336c-fx2Match-
OR
cisconexus_9336c-fx2-eMatch-
OR
cisconexus_9336pq_aci_spineMatch-
OR
cisconexus_9348d-gx2aMatch-
OR
cisconexus_9348gc-fx3Match-
OR
cisconexus_9348gc-fxpMatch-
OR
cisconexus_93600cd-gxMatch-
OR
cisconexus_9364cMatch-
OR
cisconexus_9364c-gxMatch-
OR
cisconexus_9364d-gx2aMatch-
OR
cisconexus_9372pxMatch-
OR
cisconexus_9372px-eMatch-
OR
cisconexus_9372txMatch-
OR
cisconexus_9372tx-eMatch-
OR
cisconexus_9396pxMatch-
OR
cisconexus_9396txMatch-
OR
cisconexus_9408Match-
OR
cisconexus_9508Match-
OR
cisconexus_9804Match-
OR
cisconexus_9808Match-
VendorProductVersionCPE
cisconx-os9.2(1)cpe:2.3:o:cisco:nx-os:9.2\(1\):*:*:*:*:*:*:*
cisconx-os9.2(2)cpe:2.3:o:cisco:nx-os:9.2\(2\):*:*:*:*:*:*:*
cisconx-os9.2(2t)cpe:2.3:o:cisco:nx-os:9.2\(2t\):*:*:*:*:*:*:*
cisconx-os9.2(2v)cpe:2.3:o:cisco:nx-os:9.2\(2v\):*:*:*:*:*:*:*
cisconx-os9.2(3)cpe:2.3:o:cisco:nx-os:9.2\(3\):*:*:*:*:*:*:*
cisconx-os9.2(4)cpe:2.3:o:cisco:nx-os:9.2\(4\):*:*:*:*:*:*:*
cisconx-os9.3(1)cpe:2.3:o:cisco:nx-os:9.3\(1\):*:*:*:*:*:*:*
cisconx-os9.3(2)cpe:2.3:o:cisco:nx-os:9.3\(2\):*:*:*:*:*:*:*
cisconx-os9.3(3)cpe:2.3:o:cisco:nx-os:9.3\(3\):*:*:*:*:*:*:*
cisconx-os9.3(4)cpe:2.3:o:cisco:nx-os:9.3\(4\):*:*:*:*:*:*:*
Rows per page:
1-10 of 1111

Related

cisco 1
prion 1
nessus 2
cvelist 1
cve 1
cisco
cisco
Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability
2023-08-23 16:00:00
prion
prion
Design/Logic Flaw
2023-08-23 19:15:00
nessus
nessus
Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access (CVE-2023-20115)
2023-09-19 00:00:00
Cisco Nexus 3000 9000 Series Switches SFTP Server File Access (cisco-sa-nxos-sftp-xVAp5Hfd)
2023-08-24 00:00:00
cvelist
cvelist
CVE-2023-20115
2023-08-23 18:20:34
cve
cve
CVE-2023-20115
2023-08-23 19:15:07

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

0.001

Percentile

26.9%

JSON
Related for NVD:CVE-2023-20115
cisco1prion1nessus2cvelist1cve1