VDB
CVE-2023-20012
CVE-2023-20012
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.
EPSS 0.10% · 27.3th percentile
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.10%
27.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ucs_6536_firmware | |
| cisco | nexus_93180yc-fx3_firmware | |
| Cisco | Cisco Unified Computing System (Managed) | n/a |
| cisco | nexus_93180yc-fx3s_firmware | |
| cisco | ucs_64108_firmware | |
| cisco | ucs_central_software | 4.2, 4.2, 4.2 |
| cisco | ucs_6454_firmware |
Exploit Intelligence
Timeline
- Feb 23, 2023 CVE Published
- Feb 24, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 4, 2023 EPSS Score
- May 14, 2023 EPSS Score
- Jun 22, 2023 EPSS Score
- Jul 31, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 18, 2023 EPSS Score
- Nov 26, 2023 EPSS Score
- Jan 5, 2024 EPSS Score
- Feb 13, 2024 EPSS Score