CVE-2023-20168 - Vulnerability Details

A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00108.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco Subscribe	Mds 9000 Subscribe Mds 9100 Subscribe Mds 9132t Subscribe Mds 9134 Subscribe Mds 9140 Subscribe Mds 9148 Subscribe Mds 9148s Subscribe Mds 9148t Subscribe Mds 9200 Subscribe Mds 9216 Subscribe Mds 9216a Subscribe Mds 9216i Subscribe Mds 9222i Subscribe Mds 9250i Subscribe Mds 9396s Subscribe Mds 9396t Subscribe Mds 9500 Subscribe Mds 9506 Subscribe Mds 9509 Subscribe Mds 9513 Subscribe Mds 9700 Subscribe Mds 9706 Subscribe Mds 9710 Subscribe Mds 9718 Subscribe Nexus 1000 Virtual Edge Subscribe Nexus 1000v Subscribe Nexus 3048 Subscribe Nexus 31108pc-v Subscribe Nexus 31108tc-v Subscribe Nexus 31128pq Subscribe Nexus 3132c-z Subscribe Nexus 3132q-v Subscribe Nexus 3132q-xl Subscribe Nexus 3164q Subscribe Nexus 3172pq Subscribe Nexus 3172pq-xl Subscribe Nexus 3172tq Subscribe Nexus 3172tq-32t Subscribe Nexus 3172tq-xl Subscribe Nexus 3232 Subscribe Nexus 3264c-e Subscribe Nexus 3264q Subscribe Nexus 3408-s Subscribe Nexus 34180yc Subscribe Nexus 34200yc-sm Subscribe Nexus 3432d-s Subscribe Nexus 3464c Subscribe Nexus 3524 Subscribe Nexus 3524-x Subscribe Nexus 3524-xl Subscribe Nexus 3548 Subscribe Nexus 3548-x Subscribe Nexus 3548-xl Subscribe Nexus 36180yc-r Subscribe Nexus 5500 Subscribe Nexus 5548p Subscribe Nexus 5548up Subscribe Nexus 5596t Subscribe Nexus 5596up Subscribe Nexus 5600 Subscribe Nexus 56128p Subscribe Nexus 5624q Subscribe Nexus 5648q Subscribe Nexus 5672up Subscribe Nexus 5672up-16g Subscribe Nexus 5696q Subscribe Nexus 6000 Subscribe Nexus 6001 Subscribe Nexus 6001p Subscribe Nexus 6001t Subscribe Nexus 6004 Subscribe Nexus 6004x Subscribe Nexus 7000 Subscribe Nexus 7004 Subscribe Nexus 7009 Subscribe Nexus 7010 Subscribe Nexus 7018 Subscribe Nexus 9232e Subscribe Nexus 92348gc-x Subscribe Nexus 9408 Subscribe Nexus 9504 Subscribe Nexus 9508 Subscribe Nexus 9516 Subscribe Nx-os Subscribe

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:nx-os:9.3\(11\):::::::*
	cpe:2.3:o:cisco:nx-os:10.2\(5\):::::::*

OR	cpe:2.3:h:cisco:nexus_3048:-:::::::*
	cpe:2.3:h:cisco:nexus_31108pc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31108tc-v:-:::::::*
	cpe:2.3:h:cisco:nexus_31128pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3132c-z:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-v:-:::::::*
	cpe:2.3:h:cisco:nexus_3132q-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3164q:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq:-:::::::*
	cpe:2.3:h:cisco:nexus_3172pq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-32t:-:::::::*
	cpe:2.3:h:cisco:nexus_3172tq-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3232:-:::::::*
	cpe:2.3:h:cisco:nexus_3264c-e:-:::::::*
	cpe:2.3:h:cisco:nexus_3264q:-:::::::*
	cpe:2.3:h:cisco:nexus_3408-s:-:::::::*
	cpe:2.3:h:cisco:nexus_34180yc:-:::::::*
	cpe:2.3:h:cisco:nexus_34200yc-sm:-:::::::*
	cpe:2.3:h:cisco:nexus_3432d-s:-:::::::*
	cpe:2.3:h:cisco:nexus_3464c:-:::::::*
	cpe:2.3:h:cisco:nexus_3524:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3524-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_3548:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-x:-:::::::*
	cpe:2.3:h:cisco:nexus_3548-xl:-:::::::*
	cpe:2.3:h:cisco:nexus_36180yc-r:-:::::::*
	cpe:2.3:h:cisco:nexus_9232e:-:::::::*
	cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::*
	cpe:2.3:h:cisco:nexus_9408:-:::::::*
	cpe:2.3:h:cisco:nexus_9504:-:::::::*
	cpe:2.3:h:cisco:nexus_9508:-:::::::*
	cpe:2.3:h:cisco:nexus_9516:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:nx-os:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:mds_9000:-:::::::*
	cpe:2.3:h:cisco:mds_9100:-:::::::*
	cpe:2.3:h:cisco:mds_9132t:-:::::::*
	cpe:2.3:h:cisco:mds_9134:-:::::::*
	cpe:2.3:h:cisco:mds_9140:-:::::::*
	cpe:2.3:h:cisco:mds_9148:-:::::::*
	cpe:2.3:h:cisco:mds_9148s:-:::::::*
	cpe:2.3:h:cisco:mds_9148t:-:::::::*
	cpe:2.3:h:cisco:mds_9200:-:::::::*
	cpe:2.3:h:cisco:mds_9216:-:::::::*
	cpe:2.3:h:cisco:mds_9216a:-:::::::*
	cpe:2.3:h:cisco:mds_9216i:-:::::::*
	cpe:2.3:h:cisco:mds_9222i:-:::::::*
	cpe:2.3:h:cisco:mds_9250i:-:::::::*
	cpe:2.3:h:cisco:mds_9396s:-:::::::*
	cpe:2.3:h:cisco:mds_9396t:-:::::::*
	cpe:2.3:h:cisco:mds_9500:-:::::::*
	cpe:2.3:h:cisco:mds_9506:-:::::::*
	cpe:2.3:h:cisco:mds_9509:-:::::::*
	cpe:2.3:h:cisco:mds_9513:-:::::::*
	cpe:2.3:h:cisco:mds_9700:-:::::::*
	cpe:2.3:h:cisco:mds_9706:-:::::::*
	cpe:2.3:h:cisco:mds_9710:-:::::::*
	cpe:2.3:h:cisco:mds_9718:-:::::::*
	cpe:2.3:h:cisco:nexus_1000_virtual_edge:-:::::vmware_vsphere::
	cpe:2.3:h:cisco:nexus_1000v:-:::::microsoft_hyper-v::
	cpe:2.3:h:cisco:nexus_1000v:-:::::vmware_vsphere::
	cpe:2.3:h:cisco:nexus_5500:-:::::::*
	cpe:2.3:h:cisco:nexus_5548p:-:::::::*
	cpe:2.3:h:cisco:nexus_5548up:-:::::::*
	cpe:2.3:h:cisco:nexus_5596t:-:::::::*
	cpe:2.3:h:cisco:nexus_5596up:-:::::::*
	cpe:2.3:h:cisco:nexus_5600:-:::::::*
	cpe:2.3:h:cisco:nexus_56128p:-:::::::*
	cpe:2.3:h:cisco:nexus_5624q:-:::::::*
	cpe:2.3:h:cisco:nexus_5648q:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up:-:::::::*
	cpe:2.3:h:cisco:nexus_5672up-16g:-:::::::*
	cpe:2.3:h:cisco:nexus_5696q:-:::::::*
	cpe:2.3:h:cisco:nexus_6000:-:::::::*
	cpe:2.3:h:cisco:nexus_6001:-:::::::*
	cpe:2.3:h:cisco:nexus_6001p:-:::::::*
	cpe:2.3:h:cisco:nexus_6001t:-:::::::*
	cpe:2.3:h:cisco:nexus_6004:-:::::::*
	cpe:2.3:h:cisco:nexus_6004x:-:::::::*
	cpe:2.3:h:cisco:nexus_7000:-:::::::*
	cpe:2.3:h:cisco:nexus_7004:-:::::::*
	cpe:2.3:h:cisco:nexus_7009:-:::::::*
	cpe:2.3:h:cisco:nexus_7010:-:::::::*
	cpe:2.3:h:cisco:nexus_7018:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-24347	A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-remoteauth-dos-XB6pv74m

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2023-08-23T18:07:53.428Z

Updated: 2024-08-02T09:05:35.038Z

Reserved: 2022-10-27T18:47:50.362Z

Link: CVE-2023-20168

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-23T19:15:07.777

Modified: 2024-11-21T07:40:43.873

Link: CVE-2023-20168

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object