Vulnerability Description
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Firepower Extensible Operating System | - |
| Cisco | Firepower 1000 | - |
| Cisco | Firepower 1010 | - |
| Cisco | Firepower 1020 | - |
| Cisco | Firepower 1030 | - |
| Cisco | Firepower 1040 | - |
| Cisco | Firepower 2100 | - |
| Cisco | Firepower 2110 | - |
| Cisco | Firepower 2120 | - |
| Cisco | Firepower 2130 | - |
| Cisco | Firepower 2140 | - |
| Cisco | Firepower 4100 | - |
| Cisco | Firepower 4110 | - |
| Cisco | Firepower 4110 Next-Generation Firewall | - |
| Cisco | Firepower 4112 | - |
| Cisco | Firepower 4115 | - |
| Cisco | Firepower 4120 | - |
| Cisco | Firepower 4120 Next-Generation Firewall | - |
| Cisco | Firepower 4125 | - |
| Cisco | Firepower 4140 | - |
Related Weaknesses (CWE)
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
FAQ
What is CVE-2023-20234?
CVE-2023-20234 is a vulnerability with a CVSS score of 4.4 (MEDIUM). A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. ...
How severe is CVE-2023-20234?
CVE-2023-20234 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-20234?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Firepower Extensible Operating System, Cisco Firepower 1000, Cisco Firepower 1010, Cisco Firepower 1020, Cisco Firepower 1030.