How severe is CVE-2023-20016?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2023-20016?

This is classified as CWE-321, which is a common weakness in software security.

CVE-2023-20016 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.

Related Vulnerabilities

CVE-2019-10990

MEDIUM

CVSS:6.5(Medium)

Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, uses a hard-coded password to encrypt protected files in transit and at rest, which may allow an attacker to ...

CWE-3212019

CVE-2019-13929

MEDIUM

CVSS:6.5(Medium)

A vulnerability has been identified in SIMATIC IT UADM (All versions < V1.3). An authenticated remote attacker with network access to port 1434/tcp of SIMATIC IT UADM could potentially recover a passw...

CWE-3212019

CVE-2019-17098

MEDIUM

CVSS:6.5(Medium)

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication ...

CWE-3212019

CVE-2020-25180

MEDIUM

CVSS:6.5(Medium)

Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime ...

CWE-3212020

CVE-2024-33849

MEDIUM

CVSS:6.5(Medium)

ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key.

CWE-3212024

CVE-2025-48417

MEDIUM

CVSS:6.5(Medium)

The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An ...

CWE-3212025