Rewterz Threat Advisory – CVE-2023-37379 – Apache Airflow Vulnerability
August 24, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
August 24, 2023Rewterz Threat Advisory – CVE-2023-37379 – Apache Airflow Vulnerability
August 24, 2023Rewterz Threat Alert – STOP (DJVU) Ransomware – Active IOCs
August 24, 2023Severity
Medium
Analysis Summary
CVE-2023-20168 CVSS:7.1
Cisco NX-OS Software is vulnerable to a denial of service, caused by improper input validation when processing an authentication attempt when the directed request option is enabled for TACACS+ or RADIUS. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the device to reload unexpectedly, and results in a denial of service condition.
CVE-2023-20169 CVSS:7.4
Cisco Nexus 3000 and 9000 Series Switches are vulnerable to a denial of service, caused by improper input validation when parsing an ingress IS-IS packet. By sending a specially crafted IS-IS packet, a remote attacker could exploit this vulnerability to cause the IS-IS process to restart unexpectedly, and results in a denial of service condition.
CVE-2023-20200 CVSS:7.7
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects are vulnerable to a denial of service, caused by improper handling of specific SNMP requests. By sending a specially crafted SNMP request, a remote authenticated attacker could exploit this vulnerability to cause the device to reload, and results in a denial of service condition.
CVE-2023-20115 CVSS:5.4
Cisco Nexus 3000 and 9000 Series Switches could allow a remote authenticated attacker to bypass security restrictions, caused by a logic error when verifying the user role when an SFTP connection is opened. By sending a specially crafted request, an attacker could exploit this vulnerability to read or overwrite files from the underlying operating system with the privileges of the authenticated user.
CVE-2023-20234 CVSS:4.4
Cisco FXOS Software could allow a local authenticated attacker to bypass security restrictions, caused by improper validating parameters when a specific CLI command is used. By sending a specially crafted CLI command, an attacker could exploit this vulnerability to overwrite arbitrary files on the disk.
CVE-2023-20230 CVSS:5.4
Cisco Application Policy Infrastructure Controller (APIC) could allow a remote authenticated attacker to bypass security restrictions, caused by improper access control when restricted security domains are used. By sending a specially crafted request, an attacker could exploit this vulnerability to read, modify, or delete policies created by users associated with a different security domain.
Impact
- Denial of Service
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-20168
- CVE-2023-20169
- CVE-2023-20200
- CVE-2023-20115
- CVE-2023-20234
- CVE-2023-20230
Affected Vendors
Cisco
Affected Products
- Cisco Nexus 3000 Series Switches
- Cisco MDS 9000 Series Multilayer Switches
- Cisco Nexus 6000 Series Switches
- Cisco Nexus 7000 Series Switches
- Cisco Nexus 5500 Platform Switches
- Cisco Nexus 5600 Platform Switches
- Cisco NX-OS Software
- Cisco Nexus 9000 Series Switches in standalone NX-OS mode
- Cisco Nexus 1000V Switch for Microsoft Hyper-V
- Cisco Nexus 1000V Switch for VMware vSphere
- Cisco Nexus 1000 Virtual Edge for VMware vSphere
- Cisco UCS 6300 Series Fabric Interconnects
- Cisco Firepower 9300 Security Appliances
- Cisco Firepower 9300 Series Security Appliances
- Cisco FXOS Software
- Cisco Firepower 4100 Series
- Cisco Firepower 2100 Series
- Cisco Firepower 1000 Series
- Cisco Secure Firewall 3100 Series
- Cisco Application Policy Infrastructure Controlle
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.