How severe is CVE-2023-48700?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-48700?

This is classified as CWE-256, which is a common weakness in software security.

CVE-2023-48700 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Starting in version 2.0.0 and prior to version 3.0.0, credentials provided to onboarding task are visible via Job Results from an execution of an Onboarding Task. Version 3.0.0 fixes this issue; no known workarounds are available. Mitigation recommendations include deleting all Job Results for any onboarding task to remove clear text credentials from database entries that were run while on v2.0.X, upgrading to v3.0.0, and rotating any exposed credentials.

Related Vulnerabilities

CVE-2019-0032

MEDIUM

CVSS:6.5(Medium)

A password management issue exists where the Organization authentication username and password were stored in plaintext in log files. A locally authenticated attacker who is able to access these store...

CWE-2562019

CVE-2021-1589

MEDIUM

CVSS:6.5(Medium)

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exis...

CWE-2562021

CVE-2021-36309

MEDIUM

CVSS:6.5(Medium)

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius cre...

CWE-2562021

CVE-2022-22458

MEDIUM

CVSS:6.5(Medium)

IBM Security Verify Governance, Identity Manager 10.0.1 stores user credentials in plain clear text which can be read by a remote authenticated user. IBM X-Force ID: 225009.

CWE-2562022

CVE-2022-3287

MEDIUM

CVSS:6.5(Medium)

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read t...

CWE-2562022

CVE-2023-22389

MEDIUM

CVSS:6.5(Medium)

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–>Backup Settings, which could be read by any us...

CWE-2562023