#VU72513 Key management errors in Cisco Systems, Inc products - CVE-2023-20016 

 


Published: February 23, 2023


Vulnerability identifier: #VU72513
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20016
CWE-ID: CWE-320
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Cisco UCS Manager
Firepower 4100 Series Security Appliances
UCS 6200 Series Fabric Interconnects
UCS 6300 Series Fabric Interconnects
UCS 6400 Series Fabric Interconnects
UCS 6500 Series Fabric Interconnects
Cisco Firepower 9300 Security Appliance
Cisco FXOS
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a weakness in the encryption method used for the backup function. A local attacker can decrypt sensitive information that is stored in full state and configuration backup files.


Remediation

Install updates from the vendor's website.
