CVE-2023-20016

Summary

CVE	CVE-2023-20016
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-02-23 20:15:00 UTC
Updated	2023-11-07 04:05:00 UTC
Description	A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.

Risk And Classification

Problem Types: CWE-330

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Firepower 4100	-	All	All	All
Hardware	Cisco	Firepower 4110	-	All	All	All
Hardware	Cisco	Firepower 4112	-	All	All	All
Hardware	Cisco	Firepower 4115	-	All	All	All
Hardware	Cisco	Firepower 4120	-	All	All	All
Hardware	Cisco	Firepower 4125	-	All	All	All
Hardware	Cisco	Firepower 4140	-	All	All	All
Hardware	Cisco	Firepower 4145	-	All	All	All
Hardware	Cisco	Firepower 4150	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-24	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-36	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-40	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-44	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-44 X 3	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-48	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56 X 3	-	All	All	All
Operating System	Cisco	Fxos	All	All	All	All
Hardware	Cisco	Ucs 6200	-	All	All	All
Operating System	Cisco	Ucs 6200 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6248up	-	All	All	All
Operating System	Cisco	Ucs 6248up Firmware	-	All	All	All
Hardware	Cisco	Ucs 6296up	-	All	All	All
Operating System	Cisco	Ucs 6296up Firmware	-	All	All	All
Hardware	Cisco	Ucs 6300	-	All	All	All
Operating System	Cisco	Ucs 6300 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6324	-	All	All	All
Operating System	Cisco	Ucs 6324 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6332	-	All	All	All
Hardware	Cisco	Ucs 6332-16up	-	All	All	All
Operating System	Cisco	Ucs 6332-16up Firmware	-	All	All	All
Operating System	Cisco	Ucs 6332 Firmware	-	All	All	All
Hardware	Cisco	Ucs 64108	-	All	All	All
Operating System	Cisco	Ucs 64108 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6454	-	All	All	All
Operating System	Cisco	Ucs 6454 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6536	-	All	All	All
Operating System	Cisco	Ucs 6536 Firmware	-	All	All	All
Application	Cisco	Ucs Central Software	All	All	All	All

References

Reference	Source	Link	Tags
Cisco FXOS Software and UCS Manager Software Configuration Backup Static Key Vulnerability	CISCO	sec.cloudapps.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317297 Cisco UCS Manager Software Configuration Backup Static Key Vulnerability (cisco-sa-ucsm-bkpsky-H8FCQgsA)