Vulnerability Bulletins

Cisco Nexus 3000 and 9000 Series Switches SFTP Server File Access Vulnerability

System information

Affected software Cisco


A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a

More info:

Standar resources

Property Value
CVE CVE-2023-20115.

Version history

Version Comments Date
1.0 Advisory issued 2023-08-24
Ministerio de Defensa