CVE-2023-20063 — Code Injection in Cisco Firepower Threat Defense

CWE-94 — Code Injection CWE-20 — Improper Input Validation4 documents4 sources

Severity

8.2HIGHNVD

EPSS

0.0%

top 89.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Firepower Threat Defense Cisco Secure Firewall Management Center Cisco Firepower Management Center +1 more

Timeline

PublishedNov 1

Description

A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessin…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5cisco/cisco_firepower_threat_defense_software90 versions+89

▶NVDcisco/firepower_threat_defense6.2.3 — 6.2.3.18+6

▶CVEListV5cisco/cisco_firepower_management_center91 versions+90

▶NVDcisco/secure_firewall_management_center6.2.3 — 6.2.3.18+5

🔴Vulnerability Details

GHSA

GHSA-q7p5-7677-gx8j: A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and device↗2023-11-01

▶

CVEList

Cisco Cisco Firepower Threat Defense Software and Cisco Firepower Management Center Code Injection Vulnerability↗2023-11-01

▶

📋Vendor Advisories

Cisco

Cisco Firepower Threat Defense Software and Firepower Management Center Software Code Injection Vulnerability↗2023-11-01

▶