Vulnslist

find the latest Cisco vulnerabilities

Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability

cisco-sa-nxos-sftp-xVAp5Hfd · Medium · Published · Updated

A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device.  This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-sftp-xVAp5Hfd This advisory is part of the August 2023 Cisco FXOS and NX-OS Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: August 2023 Semiannual Cisco FXOS and NX-OS Software Security Advisory Bundled Publication.

Cisco advisory ·CSAF JSON

Workarounds

This vulnerability is specific to the SFTP server feature, which is enabled with the configuration command feature sftp-server.

The SCP server feature can be configured using the feature scp-server command to allow SCP access to the device. For the configuration prerequisite and CLI commands, see the Cisco Nexus 9000 Series NX-OS Security Configuration Guide - Configuring SSH and Telnet https://www.cisco.com/c/en/us/td/docs/dcn/nx-os/nexus9000/101x/configuration/security/cisco-nexus-9000-nx-os-security-configuration-guide-101x/m-configuring-ssh-and-telnet.html .

While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

CVEsCVE-2023-20115
Cisco Bug IDsCSCwe47138
CVSS ScoreBase 5.4
Base 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco NX-OS Software 9.2(1), Cisco NX-OS Software 9.2(2), Cisco NX-OS Software 9.2(2t), Cisco NX-OS Software 9.2(3), Cisco NX-OS Software 9.2(3y), Cisco NX-OS Software 9.2(4), Cisco NX-OS Software 9.2(2v), Cisco NX-OS Software 9.3(1), Cisco NX-OS Software 9.3(2), Cisco NX-OS Software 9.3(3), Cisco NX-OS Software 9.3(1z), Cisco NX-OS Software 9.3(4), Cisco NX-OS Software 9.3(5), Cisco NX-OS Software 9.3(6), Cisco NX-OS Software 9.3(5w), Cisco NX-OS Software 9.3(7), Cisco NX-OS Software 9.3(7k), Cisco NX-OS Software 9.3(7a), Cisco NX-OS Software 9.3(8), Cisco NX-OS Software 9.3(9), Cisco NX-OS Software 9.3(10), Cisco NX-OS Software 9.3(11), Cisco NX-OS Software 10.1(1), Cisco NX-OS Software 10.1(2), Cisco NX-OS Software 10.1(2t), Cisco NX-OS Software 10.2(1), Cisco NX-OS Software 10.2(1q), Cisco NX-OS Software 10.2(2), Cisco NX-OS Software 10.2(3), Cisco NX-OS Software 10.2(2a), Cisco NX-OS Software 10.2(3t), Cisco NX-OS Software 10.2(4), Cisco NX-OS Software 10.2(5), Cisco NX-OS Software 10.3(1), Cisco NX-OS Software 10.3(2), Cisco NX-OS Software, Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches

Related Products

Product CVE Evidence
Cisco Firepower Extensible Operating System (FXOS) CVE-2023-20115 Cisco OpenVuln
Cisco NX-OS Software CVE-2023-20115 Cisco OpenVuln
Cisco Nexus 9000 Series Switches CVE-2023-20115 Cisco OpenVuln
Cisco Nexus 3000 Series Switches CVE-2023-20115 Cisco OpenVuln