Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-20003

Published: 18/05/2023 Updated: 07/11/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0
Subscribe to Business 140ac Access Point Firmware

Vulnerability Summary

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent malicious user to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the malicious user to access the Guest Portal without authentication.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco business_140ac_access_point_firmware

cisco business_141acm_firmware

cisco business_142acm_firmware

cisco business_143acm_firmware

cisco business_151axm_firmware 10.4.2

cisco business_145ac_access_point_firmware

cisco business_150ax_access_point_firmware 10.4.2

cisco business_240ac_access_point_firmware

Vendor Advisories

Cisco: Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability
A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication This vulnerability is due to a logic error with the social login implementation An attacker could exploit this vulnerability by attempti ...

References

CWE-306https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZhttps://nvd.nist.govhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-auth-bypass-ggnAfdZ
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
IMAPCVE-2024-4367server-side request forgeryinformation disclosureCVE-2024-34342CVE-2024-4281CVE-2024-3507CVE-2024-25560CVE-2024-34574
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook