CVE-2023-20038

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-321
View all →

Vulnerability Description

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.

Related Vulnerabilities

CVE-2020-7846

HIGH
CVSS:8.8(High)

Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcoded cryptographic key. It finally leads to a file download and execution via access to crafted web pag...

CWE-3212020

CVE-2021-27392

HIGH
CVSS:8.8(High)

A vulnerability has been identified in Siveillance Video Open Network Bridge (2020 R3), Siveillance Video Open Network Bridge (2020 R2), Siveillance Video Open Network Bridge (2020 R1), Siveillance Vi...

CWE-3212021

CVE-2022-0664

HIGH
CVSS:8.8(High)

Use of Hard-coded Cryptographic Key in Go github.com/gravitl/netmaker prior to 0.8.5,0.9.4,0.10.0,0.10.1.

CWE-3212022

CVE-2022-20868

HIGH
CVSS:8.8(High)

A vulnerability in the web-based management interface of Cisco Email Security Appliance, Cisco Secure Email and Web Manager and Cisco Secure Web Appliance could allow an authenticated, remote attacker...

CWE-3212022

CVE-2022-23650

HIGH
CVSS:8.8(High)

Netmaker is a platform for creating and managing virtual overlay networks using WireGuard. Prior to versions 0.8.5, 0.9.4, and 010.0, there is a hard-coded cryptographic key in the code base which can...

CWE-3212022