Denial of Service Vulnerability in Cisco FXOS and UCS 6300 Series
CVE-2023-20200

6.3MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Unified Computing System (Managed); Cisco Firepower Extensible Operating System (FXOS)
Vendor: CVE Published:; 23 August 2023

What is CVE-2023-20200?

A vulnerability exists in the Simple Network Management Protocol (SNMP) service of certain Cisco devices, allowing an authenticated, remote attacker to induce a denial of service condition. This flaw arises from the improper handling of crafted SNMP requests, potentially leading to device reloads. Exploiting this vulnerability requires knowledge of the SNMP community string on SNMPv2c or earlier, or valid SNMP user credentials on SNMPv3.

Affected Version(s)

Cisco Firepower Extensible Operating System (FXOS) 2.2.1.63

Cisco Firepower Extensible Operating System (FXOS) 2.2.1.66

Cisco Firepower Extensible Operating System (FXOS) 2.2.1.70

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2023
Vulnerability Reserved
Oct 27, 2022