CVE-2023-20234

CVE Database · CVE-2023-20234

CVE-2023-20234

· MEDIUMModified

CVSS v3.1

4.4

EPSS

0.17%

Published

Aug 23, 2023

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-73CWE-732

Affected Products (43)

cisco · firepower_extensible_operating_systemvulnerable

cisco · firepower_1000

cisco · firepower_1010

cisco · firepower_1020

cisco · firepower_1030

cisco · firepower_1040

cisco · firepower_2100

cisco · firepower_2110

cisco · firepower_2120

cisco · firepower_2130

cisco · firepower_2140

cisco · firepower_4100

cisco · firepower_4110

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs