CVE-2023-20003

Published: May 18, 2023

Modified: Oct 25, 2024

PUBLISHED

CVSS v3.1

4.7

MEDIUM

Description

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.

Vendor	Product	Versions
Cisco	Cisco Business Wireless Access Point Software	affected `n/a`

Weaknesses (CWE)

CWE-288

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

References

20230517 Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-20003

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References