CVE-2023-20038

EPSS 0.05%
Published 20.01.2023 07:15:15
Last modified 21.11.2024 07:40:24
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems.

 This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Industrial Network Director Version < 1.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.105

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
psirt@cisco.com	8.8	2	6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-20038

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-20038

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-20038

EUVD