CVE-2023-20114: External Control of File Name or Path in Cisco Secure Firewall Management Center

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 62.65%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 1

Description

A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: cisco/cisco_firepower_management_center, 26 versions (+25)
NVD: cisco/secure_firewall_management_center, 6.2.3, 6.2.3.18 (+6)

🔴 Vulnerability Details (2)

GHSA
GHSA-vhwf-m5vw-3pfx: A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to down (2023-11-01)
CVEList
CVE-2023-20114: A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to down (2023-11-01)

📋 Vendor Advisories (1)

Cisco
Cisco Firepower Management Center Software Arbitrary File Download Vulnerability (2023-11-01)

💬 Community (1)

Bugzilla
CVE-2023-3863 kernel: use-after-free in nfc_llcp_find_loca in net/nfc/llcp_core.c (2023-07-24)
CVE-2023-20114 — External Control of File Name or Path | cvebase