PT-2022-6378 · Cisco · Cisco Fxos+1

Nate Mcdonald (+1) · Published 2022-10-27 · Updated 2023-03-13 · CVE-2023-20016 · CVSS v3.1 6.5 Medium · Vector AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Cisco UCS Manager Software (affected versions not specified)
Cisco FXOS Software (affected versions not specified)
Description

The backup function of Cisco UCS Manager Software and the configuration export feature of Cisco FXOS Software encrypt full-state and configuration backup files with a static key rather than one derived per device or per backup. An attacker does not need to authenticate to the device: anyone who obtains a backup file and knows the static key can decrypt it and read the secrets stored inside, including local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names and other credentials.

Recommendations

For Cisco UCS Manager Software, update to a release that encrypts backup files with a securely derived key. For Cisco FXOS Software, update to a release that does the same for configuration export files. Because the key is static, any backup or configuration export already produced by an affected release should be treated as readable by whoever can obtain the file. Until the upgrade is applied, restrict access to existing backup and configuration export files (storage locations, transfer paths, copies attached to tickets or e-mail), and rotate the credentials they contain where exposure cannot be ruled out.
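The following Python is an added illustration of the weakness class, not Cisco's code and not a reconstruction of the UCS Manager or FXOS backup format (the real algorithm and key are not given on this page). It contrasts the vulnerable pattern, a key shared by every installation, with a hardened one: a per-backup random salt, a key derived from a passphrase the operator supplies at export time, and an integrity tag so a tampered file is rejected. The sample payload, field names, the static key value and the HMAC-counter keystream are all constructed for the example (standard library only, so it runs offline).

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample payload standing in for a full-state/configuration backup.
# The field names are illustrative, not Cisco's backup schema.
SAMPLE_BACKUP = json.dumps({
    "local_users": {"admin": "Sup3rS3cret!"},
    "auth_server_password": "tacacs-shared-secret",
    "snmp_community": "private",
}).encode()

# Hypothetical static key: the same value baked into every firmware image.
# Once extracted from any one image it unlocks every backup ever produced.
STATIC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy PRF keystream: HMAC-SHA256 over (nonce || counter), stdlib only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def weak_encrypt(plaintext: bytes) -> bytes:
    """Vulnerable pattern: fresh nonce per backup, but the key never changes."""
    nonce = secrets.token_bytes(16)
    return nonce + xor_bytes(plaintext, keystream(STATIC_KEY, nonce, len(plaintext)))


def attacker_decrypt(blob: bytes) -> bytes:
    """What someone holding only the backup file can do once STATIC_KEY is known.
    No credentials for the device are needed; the file carries its own nonce."""
    nonce, body = blob[:16], blob[16:]
    return xor_bytes(body, keystream(STATIC_KEY, nonce, len(body)))


def recover_snmp_community(blob: bytes) -> str:
    """Pull one secret out of a weakly encrypted backup, as the advisory describes."""
    return json.loads(attacker_decrypt(blob))["snmp_community"]


def derive_keys(passphrase: str, salt: bytes) -> tuple:
    """Per-backup keys from an operator passphrase and a random salt (PBKDF2-HMAC-SHA256)."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return master[:32], master[32:]


def strong_encrypt(plaintext: bytes, passphrase: str) -> bytes:
    """Hardened pattern: random salt + nonce, passphrase-derived key, encrypt-then-MAC."""
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    body = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    return salt + nonce + body + tag


def strong_decrypt(blob: bytes, passphrase: str) -> bytes:
    """Verify the tag before touching the ciphertext; wrong passphrase or edited file fails."""
    salt, nonce, body, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad passphrase or tampered backup")
    return xor_bytes(body, keystream(enc_key, nonce, len(body)))


def wrong_passphrase_rejected(blob: bytes, passphrase: str) -> bool:
    """True if decryption with the given (wrong) passphrase is refused."""
    try:
        strong_decrypt(blob, passphrase)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    weak = weak_encrypt(SAMPLE_BACKUP)
    print("attacker recovers SNMP community:", recover_snmp_community(weak))
    strong = strong_encrypt(SAMPLE_BACKUP, "correct horse battery staple")
    print("wrong passphrase rejected:", wrong_passphrase_rejected(strong, "guess"))
```

The point of the contrast is not the cipher (the HMAC-counter stream is a stand-in) but key ownership: in the weak form the only secret is a constant that ships with the product, so possession of the file is equivalent to possession of the plaintext. In the hardened form the salt and nonce in the file are public by design and the passphrase never leaves the operator, so the file alone yields nothing, and the tag makes silent tampering with an import detectable.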

Fix

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

BDU:2023-01085
CVE-2023-20016

Affected Products

Cisco FXOS
Cisco UCS Manager