Lucene search

[email protected]NVD:CVE-2023-20234

HistoryAug 23, 2023 - 7:15 p.m.

CVE-2023-20234

2023-08-2319:15:08

CWE-732

CWE-73

[email protected]

web.nvd.nist.gov

vulnerability

cisco fxos software

cli

authenticated

local attacker

files

system files

filesystem

parameters validation

exploit

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files.

The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.

Affected configurations

NVD

Node

ciscofirepower_extensible_operating_systemMatch-

AND

ciscofirepower_1000Match-

ciscofirepower_1010Match-

ciscofirepower_1020Match-

ciscofirepower_1030Match-

ciscofirepower_1040Match-

ciscofirepower_2100Match-

ciscofirepower_2110Match-

ciscofirepower_2120Match-

ciscofirepower_2130Match-

ciscofirepower_2140Match-

ciscofirepower_4100Match-

ciscofirepower_4110Match-

ciscofirepower_4110_next-generation_firewallMatch-

ciscofirepower_4112Match-

ciscofirepower_4115Match-

ciscofirepower_4120Match-

ciscofirepower_4120_next-generation_firewallMatch-

ciscofirepower_4125Match-

ciscofirepower_4140Match-

ciscofirepower_4140_next-generation_firewallMatch-

ciscofirepower_4145Match-

ciscofirepower_4150Match-

ciscofirepower_4150_next-generation_firewallMatch-

ciscofirepower_9300Match-

ciscofirepower_9300_security_applianceMatch-

ciscofirepower_9300_sm-24Match-

ciscofirepower_9300_sm-36Match-

ciscofirepower_9300_sm-40Match-

ciscofirepower_9300_sm-44Match-

ciscofirepower_9300_sm-44_x_3Match-

ciscofirepower_9300_sm-48Match-

ciscofirepower_9300_sm-56Match-

ciscofirepower_9300_sm-56_x_3Match-

ciscofirepower_9300_with_1_sm-24_moduleMatch-

ciscofirepower_9300_with_1_sm-36_moduleMatch-

ciscofirepower_9300_with_1_sm-44_moduleMatch-

ciscofirepower_9300_with_3_sm-44_moduleMatch-

ciscosecure_firewall_3105Match-

ciscosecure_firewall_3110Match-

ciscosecure_firewall_3120Match-

ciscosecure_firewall_3130Match-

ciscosecure_firewall_3140Match-

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL

6 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2023-20234

cve1 prion1 cvelist1 cisco1