CVE-2023-20016

MEDIUM 6.3

Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.

CWE	CWE-321
Vendor	cisco
Product	cisco unified computing system (managed)
Ecosystems	Networking
Industries	NetworkingTelecommunications
Published	Feb 23, 2023
Last Updated	Oct 25, 2024

Stay Ahead of the Next One

Get instant alerts for cisco cisco unified computing system (managed)

Be the first to know when new medium vulnerabilities affecting cisco cisco unified computing system (managed) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Cisco / Cisco Unified Computing System (Managed)

n/a

References

NVD ↗ CVE.org ↗ EPSS Data ↗

sec.cloudapps.cisco.com: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA