CVE-2023-20038

CVSS V2 None CVSS V3 None
Description
A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.
Overview
  • CVE ID
  • CVE-2023-20038
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-20T07:15:15
  • Last Modified Date
  • 2023-02-01T02:40:45
Weakness Enumerations
CWE URL
CWE-798 http://cwe.mitre.org/data/definitions/798.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cisco:industrial_network_director:*:*:*:*:*:*:*:* 1 OR 1.6.0
References
Reference URL Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-20038
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20038
History
Created Old Value New Value Data Type Notes
2023-01-20 08:14:21 Added to TrackCVE
2023-01-20 15:14:59 2023-01-20T13:54:58 CVE Modified Date updated
2023-01-20 15:14:59 Received Awaiting Analysis Vulnerability Status updated
2023-01-27 16:15:43 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-02-01 05:13:57 2023-02-01T02:40:45 CVE Modified Date updated
2023-02-01 05:13:57 Undergoing Analysis Analyzed Vulnerability Status updated
2023-02-01 05:13:58 Weakness Enumeration new
2023-02-01 05:14:00 CPE Information updated