CVE-2023-20016 - OpenCVE

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Firepower 4100 Firepower 4110 Firepower 4112 Firepower 4115 Firepower 4120 Firepower 4125 Firepower 4140 Firepower 4145 Firepower 4150 Firepower 9300 Sm-24 Firepower 9300 Sm-36 Firepower 9300 Sm-40 Firepower 9300 Sm-44 Firepower 9300 Sm-44 X 3 Firepower 9300 Sm-48 Firepower 9300 Sm-56 Firepower 9300 Sm-56 X 3 Fxos Ucs 6200 Ucs 6200 Firmware Ucs 6248up Ucs 6248up Firmware Ucs 6296up Ucs 6296up Firmware Ucs 6300 Ucs 6300 Firmware Ucs 6324 Ucs 6324 Firmware Ucs 6332 Ucs 6332-16up Ucs 6332-16up Firmware Ucs 6332 Firmware Ucs 64108 Ucs 64108 Firmware Ucs 6454 Ucs 6454 Firmware Ucs 6536 Ucs 6536 Firmware Ucs Central Software

Configuration 1 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6536_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6536:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_64108_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_64108:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6454_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6454:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6200_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6200:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6248up_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6248up:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6296up_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6296up:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6300_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6300:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6324_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6324:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6332_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6332:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:a:cisco:ucs_central_software::::::::
	cpe:2.3:o:cisco:ucs_6332-16up_firmware:-:::::::*

cpe:2.3:h:cisco:ucs_6332-16up:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:cisco:fxos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:firepower_4100:-:::::::*
	cpe:2.3:h:cisco:firepower_4110:-:::::::*
	cpe:2.3:h:cisco:firepower_4112:-:::::::*
	cpe:2.3:h:cisco:firepower_4115:-:::::::*
	cpe:2.3:h:cisco:firepower_4120:-:::::::*
	cpe:2.3:h:cisco:firepower_4125:-:::::::*
	cpe:2.3:h:cisco:firepower_4140:-:::::::*
	cpe:2.3:h:cisco:firepower_4145:-:::::::*
	cpe:2.3:h:cisco:firepower_4150:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-24:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-36:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-40:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-44:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-44_x_3:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-48:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-56:-:::::::*
	cpe:2.3:h:cisco:firepower_9300_sm-56_x_3:-:::::::*

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsm-bkpsky-H8FCQgsA

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-02-23T00:00:00

Updated: 2024-08-02T08:57:35.614Z

Reserved: 2022-10-27T00:00:00

Link: CVE-2023-20016

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-23T20:15:13.407

Modified: 2023-11-07T04:05:44.533

Link: CVE-2023-20016

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object