ID

VAR-202301-0957


CVE

CVE-2023-20038


TITLE

Cisco Industrial Network Director  Vulnerability in using hard-coded credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2023-002418

DESCRIPTION

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director. (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2023-20038 // JVNDB: JVNDB-2023-002418 // VULHUB: VHN-444816 // VULMON: CVE-2023-20038

AFFECTED PRODUCTS

vendor:ciscomodel:industrial network directorscope:ltversion:1.6.0

Trust: 1.0

vendor:シスコシステムズmodel:cisco industrial network directorscope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco industrial network directorscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002418 // NVD: CVE-2023-20038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20038
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20038
value: HIGH

Trust: 1.0

OTHER: JVNDB-2023-002418
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202301-982
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-20038
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 2.0

OTHER: JVNDB-2023-002418
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002418 // CNNVD: CNNVD-202301-982 // NVD: CVE-2023-20038 // NVD: CVE-2023-20038

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-321

Trust: 1.0

problemtype:Use hard-coded credentials (CWE-798) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-444816 // JVNDB: JVNDB-2023-002418 // NVD: CVE-2023-20038

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202301-982

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202301-982

PATCH

title:cisco-sa-ind-fZyVjJtGurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG

Trust: 0.8

title:Cisco Industrial Network Director Repair measures for trust management problem vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=223496

Trust: 0.6

title:Cisco: Cisco Industrial Network Director Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ind-fZyVjJtG

Trust: 0.1

sources: VULMON: CVE-2023-20038 // JVNDB: JVNDB-2023-002418 // CNNVD: CNNVD-202301-982

EXTERNAL IDS

db:NVDid:CVE-2023-20038

Trust: 3.4

db:JVNDBid:JVNDB-2023-002418

Trust: 0.8

db:AUSCERTid:ESB-2023.0177

Trust: 0.6

db:CNNVDid:CNNVD-202301-982

Trust: 0.6

db:VULHUBid:VHN-444816

Trust: 0.1

db:VULMONid:CVE-2023-20038

Trust: 0.1

sources: VULHUB: VHN-444816 // VULMON: CVE-2023-20038 // JVNDB: JVNDB-2023-002418 // CNNVD: CNNVD-202301-982 // NVD: CVE-2023-20038

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ind-fzyvjjtg

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2023-20038

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-20038/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2023.0177

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-444816 // VULMON: CVE-2023-20038 // JVNDB: JVNDB-2023-002418 // CNNVD: CNNVD-202301-982 // NVD: CVE-2023-20038

SOURCES

db:VULHUBid:VHN-444816
db:VULMONid:CVE-2023-20038
db:JVNDBid:JVNDB-2023-002418
db:CNNVDid:CNNVD-202301-982
db:NVDid:CVE-2023-20038

LAST UPDATE DATE

2024-08-14T15:26:54.572000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-444816date:2023-02-01T00:00:00
db:VULMONid:CVE-2023-20038date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002418date:2023-07-13T02:13:00
db:CNNVDid:CNNVD-202301-982date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20038date:2024-01-25T17:15:26.670

SOURCES RELEASE DATE

db:VULHUBid:VHN-444816date:2023-01-20T00:00:00
db:VULMONid:CVE-2023-20038date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002418date:2023-07-13T00:00:00
db:CNNVDid:CNNVD-202301-982date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20038date:2023-01-20T07:15:15.493