CVE-2023-20016
Vulnerability from cvelistv5
Published
2023-02-23 00:00
Modified
2024-10-25 16:04
Summary
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability
Impacted products
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.614Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230223 Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20016",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-25T14:36:41.126540Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-25T16:04:01.210Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified Computing System (Managed) ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-321",
              "description": "CWE-321",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-23T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230223 Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ucsm-bkpsky-H8FCQgsA",
        "defect": [
          [
            "CSCvm53827",
            "CSCwc01592"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20016",
    "datePublished": "2023-02-23T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-25T16:04:01.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-20016\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2023-02-23T20:15:13.407\",\"lastModified\":\"2023-11-07T04:05:44.533\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.0,\"impactScore\":4.0},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]},{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-321\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6536_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834E1736-9E8D-476A-ADA9-EB81BEB8DC6C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6536:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C36A364-DBC0-44DA-9DB0-6CC8E9D074BF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_64108_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CF884E9-68AA-44F7-A551-F7D7DF2378DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_64108:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC04D48B-8B2F-45E1-A445-A87E92E790B8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6454_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"085034AF-4825-4E06-BCBD-6F0D80959A26\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6454:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4FD096B7-6F8E-4E48-9EC4-9A10AA7D9AA0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6200_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BD99394-5B1B-49FB-9085-3D92E4DBF1A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0B96E5C-CC27-4020-93CE-413B95DCABB0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6248up_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AE37430-9711-443E-BF69-CAAEDD2A0E45\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6248up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49112D3F-DFAD-4E71-992B-9E0640FA388C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6296up_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E325ADE-5098-4C1B-82FB-CB04DDB68A2A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6296up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38A1D8F2-A4A6-4BAC-8326-9F9DE9572FA2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6300_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"192B4BF0-A6E4-4241-8E30-48CAE65203F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6BCF41B-A617-4563-8D14-E906411354FB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6324_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63D87F40-279D-46BD-9A1E-B980E9DDD24D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6324:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B82093C6-B36D-4E4E-AD7F-8C107646B8D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6332_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"148B3732-6F6C-4865-8FCC-A215883BEEC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6332:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E406DDCE-6753-43E9-B6F0-7A038DE84E41\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:ucs_central_software:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.2\\\\(3c\\\\)\",\"matchCriteriaId\":\"BD20288C-BDEE-45D4-A0AF-A68ABB3A8E15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ucs_6332-16up_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"027A27D8-DD06-420A-BCDC-553641F5CC83\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ucs_6332-16up:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"054D8EB2-97A3-4725-9DFF-27A4D231D90A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.6.1\",\"matchCriteriaId\":\"FC22C69D-7B86-4ED8-87AA-D259D026CA6B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E9552E6-0B9B-4B32-BE79-90D4E3887A7B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4110:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0CBC7F5-7767-43B6-9384-BE143FCDBD7F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4112:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"957D64EB-D60E-4775-B9A8-B21CA48ED3B1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4115:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A694AD51-9008-4AE6-8240-98B17AB527EE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4120:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38AE6DC0-2B03-4D36-9856-42530312CC46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4125:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71DCEF22-ED20-4330-8502-EC2DD4C9838F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4140:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DB2822B-B752-4CD9-A178-934957E306B4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4145:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81F4868A-6D62-479C-9C19-F9AABDBB6B24\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_4150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65378F3A-777C-4AE2-87FB-1E7402F9EA1B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-24:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18048A84-BA0F-48EF-AFFB-635FF7F70C66\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-36:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"317DF3DD-C7CD-4CA2-804F-A738E048BEB4\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C13CF29B-9308-452B-B7E0-9E818B5A6C1E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-44:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DB527C2-855E-4BB9-BCA7-94BE86100D44\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-44_x_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82C1B05-990D-49D2-B80A-C3EDD4082840\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-48:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"421D91C3-8AB3-45E1-9E55-13ED1A4A623E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-56:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D741945-8B0A-408D-A5FE-D5B38DC6D46A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9308CA67-E949-4338-A890-22B3C4428D70\"}]}]}],\"references\":[{\"url\":\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.