VDB
CVE-2023-20038
CVE-2023-20038
PUBLISHED
CVSS 8.800000190734863 HIGH
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.
EPSS 0.04% · 13.7th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.04%
13.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco Industrial Network Director | 1.5.0, 1.4.0, 1.0.1 |
| cisco | industrial_network_director | 0 |
Exploit Intelligence
- cisco-sa-ind-fZyVjJtG (circl)
Timeline
- Jan 12, 2023 CVE Published
- Jan 17, 2023 CVE Updated
- Jan 20, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- May 22, 2023 EPSS Score
- Jul 1, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
- Dec 10, 2023 EPSS Score
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-20038 advisory