Published: 23/02/2023 Updated: 07/11/2023

CVSS v3 Base Score: 4.6 | Impact Score: 3.6 | Exploitability Score: 0.9

VMScore: 0

Subscribe to Nexus 93180yc-fx3s Firmware

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the malicious user to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco nexus_93180yc-fx3s_firmware -
cisco nexus_93180yc-fx3_firmware -
cisco ucs_central_software
cisco ucs_6536_firmware -
cisco ucs_64108_firmware -
cisco ucs_6454_firmware -

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication This vulnerability is due to the improper implementation of the password validation function An attacker ...

CWE-287 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx https://nvd.nist.gov https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-elyfex-dos-gfvcByx

CVE-2023-20012

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect