ISHACK AI BOT

Debian: CVE-2023-4429: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4429 CVE - 2023-4429 DSA-5483-1

Amazon Linux 2023: CVE-2023-45322: Important priority package update for libxml2 Severity 5 CVSS (AV:N/AC:H/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail." A flaw was found in libxml2. In an out-of-memory condition or when limiting the memory allocation, processing a XML document using the HTML parser may result in a use-after-free vulnerability. Solution(s) amazon-linux-2023-upgrade-libxml2 amazon-linux-2023-upgrade-libxml2-debuginfo amazon-linux-2023-upgrade-libxml2-debugsource amazon-linux-2023-upgrade-libxml2-devel amazon-linux-2023-upgrade-libxml2-static amazon-linux-2023-upgrade-python3-libxml2 amazon-linux-2023-upgrade-python3-libxml2-debuginfo References https://attackerkb.com/topics/cve-2023-45322 CVE - 2023-45322 https://alas.aws.amazon.com/AL2023/ALAS-2023-411.html

Cisco UCS Manager: CVE-2023-20200: Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS 6300 Series Fabric Interconnects SNMP Denial of Service Vulnerability Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 08/23/2023 Created 09/06/2024 Added 09/03/2024 Modified 09/03/2024 Description A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device. Solution(s) cisco-ucs-manager-upgrade-latest References https://attackerkb.com/topics/cve-2023-20200 CVE - 2023-20200 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO cisco-sa-fp-ucsfi-snmp-dos-qtv69NAO

Cisco NX-OS: CVE-2023-20169: Cisco Nexus 3000 and 9000 Series Switches IS-IS Protocol Denial of Service Vulnerability Severity 6 CVSS (AV:A/AC:L/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 08/24/2023 Added 08/24/2023 Modified 07/16/2024 Description A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device. Solution(s) cisco-nx-update-latest References https://attackerkb.com/topics/cve-2023-20169 CVE - 2023-20169 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb cisco-sa-nxos-n3_9k-isis-dos-FTCXB4Vb

Security Advisory 0089 Severity 6 CVSS (AV:A/AC:M/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 07/30/2024 Added 09/04/2024 Modified 12/17/2024 Description On affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place. The issue was discovered in an Arista customer environment but Arista is not aware of any malicious uses of this issue in customer networks. Solution(s) upgrade-solution-CVE-2023-24548 References https://attackerkb.com/topics/cve-2023-24548 CVE - 2023-24548 https://www.arista.com//en/support/advisories-notices/security-advisory/18043-security-advisory-0089

Security Advisory 0088 Severity 7 CVSS (AV:N/AC:M/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 09/10/2024 Added 09/04/2024 Modified 12/17/2024 Description On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload. This issue was discovered by a customer and Arista is not aware of any malicious uses of this issue in customer networks. Solution(s) upgrade-solution-CVE-2023-3646 References https://attackerkb.com/topics/cve-2023-3646 CVE - 2023-3646 https://www.arista.com//en/support/advisories-notices/security-advisory/18042-security-advisory-0088

Alma Linux: CVE-2023-41105: Moderate: python3.11 security update (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 11/17/2023 Added 11/16/2023 Modified 01/30/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Solution(s) alma-upgrade-python3.11 alma-upgrade-python3.11-debug alma-upgrade-python3.11-devel alma-upgrade-python3.11-idle alma-upgrade-python3.11-libs alma-upgrade-python3.11-rpm-macros alma-upgrade-python3.11-test alma-upgrade-python3.11-tkinter References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105 https://errata.almalinux.org/8/ALSA-2023-7024.html https://errata.almalinux.org/9/ALSA-2023-6494.html

Alma Linux: CVE-2023-4042: Moderate: ghostscript security and bug fix update (ALSA-2023-7053) Severity 5 CVSS (AV:L/AC:M/Au:N/C:N/I:N/A:C) Published 08/23/2023 Created 11/29/2023 Added 11/28/2023 Modified 01/28/2025 Description A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. Solution(s) alma-upgrade-ghostscript alma-upgrade-ghostscript-doc alma-upgrade-ghostscript-tools-dvipdf alma-upgrade-ghostscript-tools-fonts alma-upgrade-ghostscript-tools-printing alma-upgrade-ghostscript-x11 alma-upgrade-libgs alma-upgrade-libgs-devel References https://attackerkb.com/topics/cve-2023-4042 CVE - 2023-4042 https://errata.almalinux.org/8/ALSA-2023-7053.html

Red Hat: CVE-2023-3899: inadequate authorization of com.redhat.RHSM1 D-Bus interface allows local users to modify configuration (Multiple Advisories) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/23/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. Solution(s) redhat-upgrade-dnf-plugin-subscription-manager redhat-upgrade-dnf-plugin-subscription-manager-debuginfo redhat-upgrade-libdnf-plugin-subscription-manager redhat-upgrade-libdnf-plugin-subscription-manager-debuginfo redhat-upgrade-python-syspurpose redhat-upgrade-python3-cloud-what redhat-upgrade-python3-subscription-manager-rhsm redhat-upgrade-python3-subscription-manager-rhsm-debuginfo redhat-upgrade-python3-syspurpose redhat-upgrade-rhsm-gtk redhat-upgrade-rhsm-icons redhat-upgrade-subscription-manager redhat-upgrade-subscription-manager-cockpit redhat-upgrade-subscription-manager-debuginfo redhat-upgrade-subscription-manager-debugsource redhat-upgrade-subscription-manager-gui redhat-upgrade-subscription-manager-initial-setup-addon redhat-upgrade-subscription-manager-migration redhat-upgrade-subscription-manager-plugin-container redhat-upgrade-subscription-manager-plugin-ostree redhat-upgrade-subscription-manager-rhsm redhat-upgrade-subscription-manager-rhsm-certificates References CVE-2023-3899 RHSA-2023:4701 RHSA-2023:4705 RHSA-2023:4706 RHSA-2023:4707 RHSA-2023:4708

Amazon Linux 2023: CVE-2022-40433: Important priority package update for java-1.8.0-amazon-corretto (Multiple Advisories) Severity 6 CVSS (AV:N/AC:L/Au:M/C:N/I:N/A:C) Published 08/23/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: ** REJECT ** This CVE ID has been rejected by its CNA as it was not a security issue. A vulnerability was found in OpenJDK. This issue occurs in the ciMethodBlocks::make_block_at function in OpenJDK (HotSpot VM) 8 (11 and 17 are fixed starting from 11.0.17 and 17.0.5 respectively), and may allow an attacker to cause a denial of service. Solution(s) amazon-linux-2023-upgrade-java-11-amazon-corretto amazon-linux-2023-upgrade-java-11-amazon-corretto-devel amazon-linux-2023-upgrade-java-11-amazon-corretto-headless amazon-linux-2023-upgrade-java-11-amazon-corretto-javadoc amazon-linux-2023-upgrade-java-11-amazon-corretto-jmods amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto amazon-linux-2023-upgrade-java-1-8-0-amazon-corretto-devel References https://attackerkb.com/topics/cve-2022-40433 CVE - 2022-40433 https://alas.aws.amazon.com/AL2023/ALAS-2023-426.html https://alas.aws.amazon.com/AL2023/ALAS-2023-427.html

Amazon Linux 2023: CVE-2023-41105: Important priority package update for python3.11 Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 02/14/2025 Added 02/14/2025 Modified 02/14/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path. Solution(s) amazon-linux-2023-upgrade-python3-11 amazon-linux-2023-upgrade-python3-11-debug amazon-linux-2023-upgrade-python3-11-debuginfo amazon-linux-2023-upgrade-python3-11-debugsource amazon-linux-2023-upgrade-python3-11-devel amazon-linux-2023-upgrade-python3-11-idle amazon-linux-2023-upgrade-python3-11-libs amazon-linux-2023-upgrade-python3-11-test amazon-linux-2023-upgrade-python3-11-tkinter References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105 https://alas.aws.amazon.com/AL2023/ALAS-2023-317.html

SUSE: CVE-2023-4429: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/23/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2023-4429 CVE - 2023-4429

Google Chrome Vulnerability: CVE-2023-4428 Out of bounds memory access in CSS Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4428 CVE - 2023-4428 https://chromereleases.googleblog.com/2023/08/chrome-desktop-stable-update.html

Debian: CVE-2023-41105: python3.11, python3.9 -- security update Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 07/31/2024 Added 07/30/2024 Modified 01/30/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Solution(s) debian-upgrade-python3-11 debian-upgrade-python3-9 References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105

Ubuntu: (Multiple Advisories) (CVE-2023-41105): Python vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 12/13/2023 Added 12/12/2023 Modified 01/30/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Solution(s) ubuntu-pro-upgrade-python3-10 ubuntu-pro-upgrade-python3-10-minimal ubuntu-pro-upgrade-python3-11 ubuntu-pro-upgrade-python3-11-minimal References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105 USN-6547-1 USN-6891-1

FreeBSD: (Multiple Advisories) (CVE-2023-4427): electron24 -- multiple vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/25/2023 Modified 01/28/2025 Description Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-electron22 freebsd-upgrade-package-electron24 freebsd-upgrade-package-electron25 freebsd-upgrade-package-ungoogled-chromium References CVE-2023-4427

CentOS Linux: CVE-2023-3899: Moderate: subscription-manager security update (CESA-2023:4701) Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/23/2023 Created 08/29/2023 Added 08/29/2023 Modified 01/28/2025 Description A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. Solution(s) centos-upgrade-python-syspurpose centos-upgrade-rhsm-gtk centos-upgrade-subscription-manager centos-upgrade-subscription-manager-cockpit centos-upgrade-subscription-manager-debuginfo centos-upgrade-subscription-manager-gui centos-upgrade-subscription-manager-initial-setup-addon centos-upgrade-subscription-manager-migration centos-upgrade-subscription-manager-plugin-container centos-upgrade-subscription-manager-plugin-ostree centos-upgrade-subscription-manager-rhsm centos-upgrade-subscription-manager-rhsm-certificates References CVE-2023-3899

Gentoo Linux: CVE-2023-4431: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4431 CVE - 2023-4431 202401-34

Gentoo Linux: CVE-2023-4430: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/23/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4430 CVE - 2023-4430 202401-34

Google Chrome Vulnerability: CVE-2023-4430 Use after free in Vulkan Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 08/23/2023 Created 08/28/2023 Added 08/28/2023 Modified 01/28/2025 Description Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2023-4430 CVE - 2023-4430 https://crbug.com/1469542

Gentoo Linux: CVE-2023-4428: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:C) Published 08/23/2023 Created 02/02/2024 Added 02/01/2024 Modified 01/28/2025 Description Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Solution(s) gentoo-linux-upgrade-www-client-chromium gentoo-linux-upgrade-www-client-google-chrome gentoo-linux-upgrade-www-client-microsoft-edge References https://attackerkb.com/topics/cve-2023-4428 CVE - 2023-4428 202401-34

Rapid7 Insight Agent: CVE-2023-41105: Untrusted Search Path Severity 4 CVSS (AV:L/AC:H/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 03/20/2024 Added 03/19/2024 Modified 04/23/2024 Description Rapid7 Insight Agent versions below 4.0.6.14 suffer from a Untrusted Search Path vulnerability. Solution(s) rapid7-insightagent-upgrade-4_0_6_14 References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105 https://docs.rapid7.com/release-notes/insightagent/20240314/

SUSE: CVE-2023-32182: SUSE Linux Security Advisory Severity 7 CVSS (AV:L/AC:L/Au:S/C:C/I:C/A:C) Published 08/23/2023 Created 08/24/2023 Added 08/24/2023 Modified 01/28/2025 Description A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. Solution(s) suse-upgrade-postfix suse-upgrade-postfix-bdb suse-upgrade-postfix-bdb-lmdb suse-upgrade-postfix-devel suse-upgrade-postfix-doc suse-upgrade-postfix-ldap suse-upgrade-postfix-lmdb suse-upgrade-postfix-mysql suse-upgrade-postfix-postgresql References https://attackerkb.com/topics/cve-2023-32182 CVE - 2023-32182

SUSE: CVE-2023-41105: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 10/04/2023 Added 10/04/2023 Modified 01/28/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Solution(s) suse-upgrade-libpython3_11-1_0 suse-upgrade-libpython3_11-1_0-32bit suse-upgrade-libpython3_4m1_0 suse-upgrade-libpython3_4m1_0-32bit suse-upgrade-python3 suse-upgrade-python3-base suse-upgrade-python3-curses suse-upgrade-python3-dbm suse-upgrade-python3-devel suse-upgrade-python3-tk suse-upgrade-python311 suse-upgrade-python311-32bit suse-upgrade-python311-base suse-upgrade-python311-base-32bit suse-upgrade-python311-curses suse-upgrade-python311-dbm suse-upgrade-python311-devel suse-upgrade-python311-doc suse-upgrade-python311-doc-devhelp suse-upgrade-python311-idle suse-upgrade-python311-testsuite suse-upgrade-python311-tk suse-upgrade-python311-tools References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105

Cisco NX-OS: CVE-2023-20115: Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability Severity 5 CVSS (AV:N/AC:L/Au:S/C:P/I:P/A:N) Published 08/23/2023 Created 08/24/2023 Added 08/24/2023 Modified 07/16/2024 Description A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. Solution(s) cisco-nx-update-latest References https://attackerkb.com/topics/cve-2023-20115 CVE - 2023-20115 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-sftp-xVAp5Hfd cisco-sa-nxos-sftp-xVAp5Hfd