Improper Authentication in Cisco Systems, Inc products - CVE-2023-20003
Published: May 18, 2023
Vulnerability identifier: #VU76284
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20003
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Business 140AC Access Point
Business 141ACM Mesh Extender
Business 142ACM Mesh Extender
Business 143ACM Mesh Extender
Business 151AXM Mesh Extender
Business 145AC Access Point
Business 240AC Access Point
Business 150AX Access Point
Business 140AC Access Point
Business 141ACM Mesh Extender
Business 142ACM Mesh Extender
Business 143ACM Mesh Extender
Business 151AXM Mesh Extender
Business 145AC Access Point
Business 240AC Access Point
Business 150AX Access Point
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a logic error with the social login implementation. A remote attacker on the local network can access the Guest Portal without authentication.
Remediation
Install updates from vendor's website.