CVE-2023-20220

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20220
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX Vendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
History

26 Nov 2024, 16:09

Type Values Removed Values Added
CPE cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
First Time Cisco secure Firewall Management Center
CPE cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
First Time Cisco secure Firewall Management Center

21 Nov 2024, 07:40

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 7.2
References () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - Vendor Advisory () https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - Vendor Advisory

09 Nov 2023, 17:37

Type Values Removed Values Added
First Time Cisco firepower Management Center
Cisco
References (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmdinj-bTEgufOX - Vendor Advisory
CPE cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
CWE CWE-77

01 Nov 2023, 18:17

Type Values Removed Values Added
New CVE
Information

Published : 2023-11-01 18:15

Updated : 2024-11-26 16:09

NVD link : CVE-2023-20220

Mitre link : CVE-2023-20220

CVE.ORG link : CVE-2023-20220

JSON object : View

Products Affected

cisco

  • secure_firewall_management_center
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')