CVE-2023-20038

HIGH

Cisco Industrial Network Director - Info Disclosure

Title source: llm

Description

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and credentials for accessing remote systems. This vulnerability is due to a static key value stored in the application used to encrypt application data and remote credentials. An attacker could exploit this vulnerability by gaining local access to the server Cisco Industrial Network Director is installed on. A successful exploit could allow the attacker to decrypt data allowing the attacker to access remote systems monitored by Cisco Industrial Network Director.

References (1)

[Vendor Advisory] https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG

Scores

CVSS v3 8.8

EPSS 0.0004

EPSS Percentile 13.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-321 CWE-798

Status published

Products (1)

cisco/industrial_network_director < 1.6.0

Published Jan 20, 2023

Tracked Since Feb 18, 2026