Sign-up

ID

VAR-202301-0957


CVE

CVE-2023-20038


TITLE

Cisco Industrial Network Director  Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002418

DESCRIPTION

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-20038 // JVNDB: JVNDB-2023-002418 // VULHUB: VHN-444816 // VULMON: CVE-2023-20038

AFFECTED PRODUCTS

vendor:ciscomodel:industrial network directorscope:ltversion:1.6.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco industrial network directorscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco industrial network directorscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002418 // NVD: CVE-2023-20038

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20038
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20038
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-002418
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-982
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-002418
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002418 // CNNVD: CNNVD-202301-982 // NVD: CVE-2023-20038 // NVD: CVE-2023-20038

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-444816 // JVNDB: JVNDB-2023-002418 // NVD: CVE-2023-20038

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-982

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-982

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-20038

PATCH
title:cisco-sa-ind-fZyVjJtGurl:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ind-fzyvjjtg
Trust: 0.8
title:Cisco Industrial Network Director Repair measures for trust management problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=223496
Trust: 0.6
title:Cisco: Cisco Industrial Network Director Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ind-fzyvjjtg
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20038 // 
            
            
            
            JVNDB: JVNDB-2023-002418 // 
            
            
            
            CNNVD: CNNVD-202301-982

EXTERNAL IDS
db:NVDid:CVE-2023-20038
Trust: 3.4
db:JVNDBid:JVNDB-2023-002418
Trust: 0.8
db:AUSCERTid:ESB-2023.0177
Trust: 0.6
db:CNNVDid:CNNVD-202301-982
Trust: 0.6
db:VULHUBid:VHN-444816
Trust: 0.1
db:VULMONid:CVE-2023-20038
Trust: 0.1
sources:
            
            
            VULHUB: VHN-444816 // 
            
            
            
            VULMON: CVE-2023-20038 // 
            
            
            
            JVNDB: JVNDB-2023-002418 // 
            
            
            
            CNNVD: CNNVD-202301-982 // 
            
            
            
            NVD: CVE-2023-20038

REFERENCES
url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ind-fzyvjjtg
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2023-20038
Trust: 0.8
url:https://cxsecurity.com/cveshow/cve-2023-20038/
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2023.0177
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-444816 // 
            
            
            
            VULMON: CVE-2023-20038 // 
            
            
            
            JVNDB: JVNDB-2023-002418 // 
            
            
            
            CNNVD: CNNVD-202301-982 // 
            
            
            
            NVD: CVE-2023-20038

SOURCES
db:VULHUBid:VHN-444816
db:VULMONid:CVE-2023-20038
db:JVNDBid:JVNDB-2023-002418
db:CNNVDid:CNNVD-202301-982
db:NVDid:CVE-2023-20038

LAST UPDATE DATE
2024-01-29T19:19:28.459000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-444816date:2023-02-01T00:00:00
db:VULMONid:CVE-2023-20038date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002418date:2023-07-13T02:13:00
db:CNNVDid:CNNVD-202301-982date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20038date:2024-01-25T17:15:26.670

SOURCES RELEASE DATE
db:VULHUBid:VHN-444816date:2023-01-20T00:00:00
db:VULMONid:CVE-2023-20038date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002418date:2023-07-13T00:00:00
db:CNNVDid:CNNVD-202301-982date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20038date:2023-01-20T07:15:15.493