CVE-2023-20200 — Infinite Loop in Cisco UCS 6324 Fabric Interconnect Firmware

CWE-835 — Infinite Loop CWE-732 — Incorrect Permission Assignment5 documents5 sources

Severity

6.3MEDIUMNVD

CNA7.7

EPSS

0.5%

top 32.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco UCS 6324 Fabric Interconnect Firmware Cisco UCS 6332-16up Fabric Interconnect Firmware Cisco UCS 6332 Fabric Interconnect Firmware +2 more

Timeline

PublishedAug 23

Description

A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected dev…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 1.8 | Impact: 4.0

Affected Packages5 packages

▶CVEListV5cisco/cisco_firepower_extensible_operating_system18 versions+17

▶NVDcisco/ucs_6324_fabric_interconnect_firmware4.1 — 4.1\(3l\)+1

▶NVDcisco/ucs_6332_fabric_interconnect_firmware4.1 — 4.1\(3l\)+1

▶NVDcisco/ucs_6332-16up_fabric_interconnect_firmware4.1 — 4.1\(3l\)+1

▶CVEListV5cisco/cisco_unified_computing_system94 versions+93

🔴Vulnerability Details

CVEList

CVE-2023-20200: A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security↗2023-08-23

▶

GHSA

GHSA-vrx2-vjh6-fhxx: A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security↗2023-08-23

▶

📋Vendor Advisories

Cisco

Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service Vulnerability↗2023-08-23

▶