Lucene search

CiscoCVE-2023-20219

HistoryNov 01, 2023 - 6:15 p.m.

CVE-2023-20219

2023-11-0118:15:09

CWE-78

CWE-77

cisco

web.nvd.nist.gov

cisco

fmc

software

vulnerability

web management

remote code execution

cve-2023-20219

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

36.0%

JSON

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device.

Affected configurations

Nvd

Node

ciscofirepower_management_centerRange6.2.3–6.2.3.18

ciscofirepower_management_centerRange6.4.0–6.4.0.16

ciscofirepower_management_centerRange6.6.0–6.6.7.1

ciscofirepower_management_centerRange7.0.0–7.0.5

ciscofirepower_management_centerRange7.1.0–7.1.0.3

ciscofirepower_management_centerRange7.2.0–7.2.3.1

ciscofirepower_management_centerRange7.3.0–7.3.1.1

VendorProductVersionCPE
ciscofirepower_management_center*cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	firepower_management_center	*	cpe:2.3:a:cisco:firepower_management_center::::::::

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Firepower Management Center",
    "versions": [
      {
        "version": "6.7.0",
        "status": "affected"
      },
      {
        "version": "6.7.0.1",
        "status": "affected"
      },
      {
        "version": "6.7.0.2",
        "status": "affected"
      },
      {
        "version": "6.7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.0",
        "status": "affected"
      },
      {
        "version": "7.0.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1",
        "status": "affected"
      },
      {
        "version": "7.0.1.1",
        "status": "affected"
      },
      {
        "version": "7.0.2",
        "status": "affected"
      },
      {
        "version": "7.0.2.1",
        "status": "affected"
      },
      {
        "version": "7.0.3",
        "status": "affected"
      },
      {
        "version": "7.0.4",
        "status": "affected"
      },
      {
        "version": "7.0.5",
        "status": "affected"
      },
      {
        "version": "7.1.0",
        "status": "affected"
      },
      {
        "version": "7.1.0.1",
        "status": "affected"
      },
      {
        "version": "7.1.0.2",
        "status": "affected"
      },
      {
        "version": "7.1.0.3",
        "status": "affected"
      },
      {
        "version": "7.2.0",
        "status": "affected"
      },
      {
        "version": "7.2.1",
        "status": "affected"
      },
      {
        "version": "7.2.2",
        "status": "affected"
      },
      {
        "version": "7.2.0.1",
        "status": "affected"
      },
      {
        "version": "7.2.3",
        "status": "affected"
      },
      {
        "version": "7.2.3.1",
        "status": "affected"
      },
      {
        "version": "7.2.4",
        "status": "affected"
      },
      {
        "version": "7.3.0",
        "status": "affected"
      },
      {
        "version": "7.3.1",
        "status": "affected"
      },
      {
        "version": "7.3.1.1",
        "status": "affected"
      }
    ]
  }
]