CVE-2023-20234 — External Control of File Name or Path in Cisco Adaptive Security Appliance Software

CWE-73 — External Control of File Name or Path CWE-732 — Incorrect Permission Assignment4 documents4 sources

Severity

6.0MEDIUMNVD

CNA4.4

EPSS

0.0%

top 95.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Adaptive Security Appliance Software Cisco Firepower Extensible Operating System Cisco Firepower Threat Defense Software

Timeline

PublishedAug 23

Description

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 0.8 | Impact: 5.2

Affected Packages3 packages

▶CVEListV5cisco/cisco_firepower_extensible_operating_system85 versions+84

▶CVEListV5cisco/cisco_firepower_threat_defense_software71 versions+70

▶CVEListV5cisco/cisco_adaptive_security_appliance_software147 versions+146

🔴Vulnerability Details

GHSA

GHSA-vgmc-qr4h-h4cx: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesyste↗2023-08-23

▶

CVEList

CVE-2023-20234: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesyste↗2023-08-23

▶

📋Vendor Advisories

Cisco

Cisco FXOS Software Arbitrary File Write Vulnerability↗2023-08-23

▶