CVE-2023-20003 MEDIUM

CVE-2023-20003: Cisco Business Wireless Access Points Social Login Guest User Authentication Bypass Vulnerability

Vendor Cisco
Product Cisco Business Wireless Access Point Software
Weakness CWE-288
Published May 18, 2023
Last update October 25, 2024

CVSS base score

4.7/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.

Key dates

02Disclosure timeline

May 18, 2023 CVE published
October 25, 2024 Record updated