CVE-2023-20219

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20219
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
History

26 Nov 2024, 16:09

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
First Time Cisco secure Firewall Management Center
First Time Cisco secure Firewall Management Center
CPE cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*

21 Nov 2024, 07:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 7.2
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - Vendor Advisory () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - Vendor Advisory

09 Nov 2023, 17:31

Type Values Removed Values Added
First Time Cisco firepower Management Center
Cisco
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CWE CWE-77
CPE cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
References (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - Vendor Advisory

01 Nov 2023, 18:17

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-01 18:15

Updated : 2024-11-26 16:09

NVD link : CVE-2023-20219

Mitre link : CVE-2023-20219

CVE.ORG link : CVE-2023-20219

JSON object : View

Products Affected

cisco

  • secure_firewall_management_center
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')