PT-2023-1621 · Cisco · Cisco Nexus 9300-FX3 Series Fabric Extender +2

Published: 2023-02-22 · Updated: 2023-03-13 · CVE-2023-20012

CVSS v3.1: 5.3 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cisco Unified Computing System (UCS) Manager (affected versions not specified)
Cisco Nexus 9000 Series (affected versions not specified)
Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) (affected versions not specified)

Description

The issue is related to weaknesses in the authentication procedure when checking passwords. It could allow an attacker to cause a denial of service condition. An unauthenticated attacker with physical access could bypass authentication by logging in to the console port on an affected device, potentially causing a device reboot. The vulnerability is due to the improper implementation of the password validation function.

Recommendations

For Cisco Unified Computing System (UCS) Manager, there is currently no information about a newer version that contains a fix for this vulnerability.
For Cisco Nexus 9000 Series, there is currently no information about a newer version that contains a fix for this vulnerability.
For Cisco Nexus 9300-FX3 Series Fabric Extender (FEX), consider restricting physical access to the console port as a temporary workaround until a patch is available.

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2023-01130
CVE-2023-20012

Affected Products

Cisco Nexus 9000 Series
Cisco Nexus 9300-FX3 Series Fabric Extender
Cisco Unified Computing System (UCS) Manager