Improper Authentication in Cisco Systems, Inc products - CVE-2023-20003
Published: May 18, 2023
Vulnerability identifier: #VU76284
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-20003
CWE-ID: CWE-287
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Business 140AC Access Point
Business 141ACM Mesh Extender
Business 142ACM Mesh Extender
Business 143ACM Mesh Extender
Business 151AXM Mesh Extender
Business 145AC Access Point
Business 240AC Access Point
Business 150AX Access Point
Business 140AC Access Point
Business 141ACM Mesh Extender
Business 142ACM Mesh Extender
Business 143ACM Mesh Extender
Business 151AXM Mesh Extender
Business 145AC Access Point
Business 240AC Access Point
Business 150AX Access Point
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a logic error with the social login implementation. A remote attacker on the local network can access the Guest Portal without authentication.
How to mitigate CVE-2023-20003
Install updates from vendor's website.