CVE-2023-20003

CWE-288CWE-306Missing Authentication4 documents4 sources
Severity
8.8HIGH
EPSS
0.0%
top 96.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
9
Cisco Business 140ac Access Point FirmwareCisco Business 141acm FirmwareCisco Business 142acm Firmware+6 more
Timeline
PublishedMay 18

Description

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages9 packages

🔴Vulnerability Details

2
GHSA
GHSA-98rg-4fmq-frpj: A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthentic2023-05-18
CVEList
Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability2023-05-18

📋Vendor Advisories

1
Cisco
Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability2023-05-17
CVE-2023-20003 (HIGH CVSS 8.8) | A vulnerability in the social login | cvebase.io