MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2023-20115

CVSS 5.4v3.1pub. 2023-08-23upd. 2024-11-21

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • Cisco Nexus 3048

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 31108pc V

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 31108tc V

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 31128pq

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3132c Z

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3132q V

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3132q Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3164q

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3172pq

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3172pq Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3172tq

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3172tq 32t

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3172tq Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3232c

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3264c E

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3264q

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3408 S

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 34180yc

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 34200yc Sm

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3432d S

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3464c

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3524

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3524 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3524 Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3548

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3548 X

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3548 Xl

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 36180yc R

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 3636c R

    HW
    Cisco
    wszystkie wersje
  • Cisco Nexus 9000v

    HW
    Cisco
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-1361CRITICAL9.8ten sam produkt

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switc...

CVE-2019-1804CRITICAL9.8ten sam produkt

A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (...

CVE-2018-0310CRITICAL9.8ten sam produkt

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could a...

CVE-2018-0301CRITICAL9.8ten sam produkt

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker ...

CVE-2016-1453CRITICAL9.8ten sam produkt

Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Ne...