CVE-2023-20012

MEDIUM Year: 2023
CVSS v3 Score
4.6
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability is due to the improper implementation of the password validation function. An attacker could exploit this vulnerability by logging in to the console port on an affected device. A successful exploit could allow the attacker to bypass authentication and execute a limited set of commands local to the FEX, which could cause a device reboot and denial of service (DoS) condition.

Related Vulnerabilities

CVE-2012-6340

MEDIUM
CVSS:4.6(Medium)

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002.

CWE-2872012

CVE-2016-11041

MEDIUM
CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with KK(4.4) software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 (June 2016).

CWE-2872016

CVE-2017-18646

MEDIUM
CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. An attacker can bypass the password requirement for tablet user switching by folding the magnetic cover. The Samsung ...

CWE-2872017

CVE-2017-2721

MEDIUM
CVSS:4.6(Medium)

Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CU...

CWE-2872017

CVE-2018-21062

MEDIUM
CVSS:4.6(Medium)

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a lock...

CWE-2872018