Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2023-2125
Vulnerability from csaf_certbund
Published
2023-08-23 22:00
Modified
2023-08-23 22:00
Summary
Cisco FXOS: Schwachstelle ermöglicht Manipulation von Dateien
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FXOS (FirePOWER eXtensible Operating System) ist ein Betriebssystem für Cisco Firepower Appliances
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in Cisco FXOS ausnutzen, um Dateien zu manipulieren.
Betroffene Betriebssysteme
- CISCO Appliance
{
"document": {
"aggregate_severity": {
"text": "niedrig"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "FXOS (FirePOWER eXtensible Operating System) ist ein Betriebssystem f\u00fcr Cisco Firepower Appliances",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Cisco FXOS ausnutzen, um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- CISCO Appliance",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2125 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2125.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2125 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2125"
},
{
"category": "external",
"summary": "Cisco Security Advisory vom 2023-08-23",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL"
}
],
"source_lang": "en-US",
"title": "Cisco FXOS: Schwachstelle erm\u00f6glicht Manipulation von Dateien",
"tracking": {
"current_release_date": "2023-08-23T22:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:41:15.953+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-2125",
"initial_release_date": "2023-08-23T22:00:00.000+00:00",
"revision_history": [
{
"date": "2023-08-23T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cisco FXOS Firepower 1000 Series",
"product": {
"name": "Cisco FXOS Firepower 1000 Series",
"product_id": "T029479",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:fxos:firepower_1000_series"
}
}
},
{
"category": "product_name",
"name": "Cisco FXOS Firepower 2100 Series",
"product": {
"name": "Cisco FXOS Firepower 2100 Series",
"product_id": "T029480",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:fxos:firepower_2100_series"
}
}
},
{
"category": "product_name",
"name": "Cisco FXOS Firepower 4100 Series",
"product": {
"name": "Cisco FXOS Firepower 4100 Series",
"product_id": "T029481",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:fxos:firepower_4100_series"
}
}
},
{
"category": "product_name",
"name": "Cisco FXOS Firepower 9300 Security Appliances",
"product": {
"name": "Cisco FXOS Firepower 9300 Security Appliances",
"product_id": "T029482",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:fxos:firepower_9300_security_appliances"
}
}
},
{
"category": "product_name",
"name": "Cisco FXOS Secure Firewall 3100 Series",
"product": {
"name": "Cisco FXOS Secure Firewall 3100 Series",
"product_id": "T029483",
"product_identification_helper": {
"cpe": "cpe:/o:cisco:fxos:secure_firewall_3100_series"
}
}
}
],
"category": "product_name",
"name": "FXOS"
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-20234",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Cisco FXOS. Diese ist darauf zur\u00fcckzuf\u00fchren, dass es keine Validierung von Parametern bei Eingaben auf der Kommandozeile gibt. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um eine Datei zu erstellen oder eine beliebige Datei im Dateisystem eines betroffenen Ger\u00e4ts zu \u00fcberschreiben, einschlie\u00dflich Systemdateien,"
}
],
"product_status": {
"known_affected": [
"T029483",
"T029482",
"T029481",
"T029480",
"T029479"
]
},
"release_date": "2023-08-23T22:00:00Z",
"title": "CVE-2023-20234"
}
]
}
cve-2023-20234
Vulnerability from cvelistv5
Published
2023-08-23 18:21
Modified
2024-08-02 09:05
Severity ?
EPSS score ?
Summary
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files.
The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Cisco | Cisco Adaptive Security Appliance (ASA) Software |
Version: 9.8.2 Version: 9.8.2.8 Version: 9.8.2.14 Version: 9.8.2.15 Version: 9.8.2.17 Version: 9.8.2.20 Version: 9.8.2.24 Version: 9.8.2.26 Version: 9.8.2.28 Version: 9.8.2.33 Version: 9.8.2.35 Version: 9.8.2.38 Version: 9.8.3.8 Version: 9.8.3.11 Version: 9.8.3.14 Version: 9.8.3.16 Version: 9.8.3.18 Version: 9.8.3.21 Version: 9.8.3 Version: 9.8.3.26 Version: 9.8.3.29 Version: 9.8.4 Version: 9.8.4.3 Version: 9.8.4.7 Version: 9.8.4.8 Version: 9.8.4.10 Version: 9.8.4.12 Version: 9.8.4.15 Version: 9.8.4.17 Version: 9.8.4.25 Version: 9.8.4.20 Version: 9.8.4.22 Version: 9.8.4.26 Version: 9.8.4.29 Version: 9.8.4.32 Version: 9.8.4.34 Version: 9.8.4.35 Version: 9.8.4.39 Version: 9.8.4.40 Version: 9.8.4.41 Version: 9.8.4.43 Version: 9.8.4.44 Version: 9.8.4.45 Version: 9.8.4.46 Version: 9.8.4.48 Version: 9.12.1 Version: 9.12.1.2 Version: 9.12.1.3 Version: 9.12.2 Version: 9.12.2.5 Version: 9.12.2.9 Version: 9.12.3 Version: 9.12.3.2 Version: 9.12.3.7 Version: 9.12.4 Version: 9.12.3.12 Version: 9.12.3.9 Version: 9.12.2.1 Version: 9.12.4.2 Version: 9.12.4.4 Version: 9.12.4.7 Version: 9.12.4.10 Version: 9.12.4.13 Version: 9.12.4.8 Version: 9.12.4.18 Version: 9.12.4.24 Version: 9.12.4.26 Version: 9.12.4.29 Version: 9.12.4.30 Version: 9.12.4.35 Version: 9.12.4.37 Version: 9.12.4.38 Version: 9.12.4.39 Version: 9.12.4.40 Version: 9.12.4.41 Version: 9.12.4.47 Version: 9.12.4.48 Version: 9.12.4.50 Version: 9.12.4.52 Version: 9.12.4.54 Version: 9.12.4.55 Version: 9.12.4.56 Version: 9.14.1 Version: 9.14.1.10 Version: 9.14.1.15 Version: 9.14.1.19 Version: 9.14.1.30 Version: 9.14.2 Version: 9.14.2.4 Version: 9.14.2.8 Version: 9.14.2.13 Version: 9.14.2.15 Version: 9.14.3 Version: 9.14.3.1 Version: 9.14.3.9 Version: 9.14.3.11 Version: 9.14.3.13 Version: 9.14.3.18 Version: 9.14.3.15 Version: 9.14.4 Version: 9.14.4.6 Version: 9.14.4.7 Version: 9.14.4.12 Version: 9.14.4.13 Version: 9.14.4.14 Version: 9.14.4.15 Version: 9.14.4.17 Version: 9.14.4.22 Version: 9.15.1 Version: 9.15.1.7 Version: 9.15.1.10 Version: 9.15.1.15 Version: 9.15.1.16 Version: 9.15.1.17 Version: 9.15.1.1 Version: 9.15.1.21 Version: 9.16.1 Version: 9.16.1.28 Version: 9.16.2 Version: 9.16.2.3 Version: 9.16.2.7 Version: 9.16.2.11 Version: 9.16.2.13 Version: 9.16.2.14 Version: 9.16.3 Version: 9.16.3.3 Version: 9.16.3.14 Version: 9.16.3.15 Version: 9.16.3.19 Version: 9.16.3.23 Version: 9.16.4 Version: 9.16.4.9 Version: 9.17.1 Version: 9.17.1.7 Version: 9.17.1.9 Version: 9.17.1.10 Version: 9.17.1.11 Version: 9.17.1.13 Version: 9.17.1.15 Version: 9.17.1.20 Version: 9.18.1 Version: 9.18.1.3 Version: 9.18.2 Version: 9.18.2.5 Version: 9.18.2.7 Version: 9.18.2.8 Version: 9.19.1 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-fxos-arbitrary-file-BLk6YupL",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco Adaptive Security Appliance (ASA) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "9.8.2"
},
{
"status": "affected",
"version": "9.8.2.8"
},
{
"status": "affected",
"version": "9.8.2.14"
},
{
"status": "affected",
"version": "9.8.2.15"
},
{
"status": "affected",
"version": "9.8.2.17"
},
{
"status": "affected",
"version": "9.8.2.20"
},
{
"status": "affected",
"version": "9.8.2.24"
},
{
"status": "affected",
"version": "9.8.2.26"
},
{
"status": "affected",
"version": "9.8.2.28"
},
{
"status": "affected",
"version": "9.8.2.33"
},
{
"status": "affected",
"version": "9.8.2.35"
},
{
"status": "affected",
"version": "9.8.2.38"
},
{
"status": "affected",
"version": "9.8.3.8"
},
{
"status": "affected",
"version": "9.8.3.11"
},
{
"status": "affected",
"version": "9.8.3.14"
},
{
"status": "affected",
"version": "9.8.3.16"
},
{
"status": "affected",
"version": "9.8.3.18"
},
{
"status": "affected",
"version": "9.8.3.21"
},
{
"status": "affected",
"version": "9.8.3"
},
{
"status": "affected",
"version": "9.8.3.26"
},
{
"status": "affected",
"version": "9.8.3.29"
},
{
"status": "affected",
"version": "9.8.4"
},
{
"status": "affected",
"version": "9.8.4.3"
},
{
"status": "affected",
"version": "9.8.4.7"
},
{
"status": "affected",
"version": "9.8.4.8"
},
{
"status": "affected",
"version": "9.8.4.10"
},
{
"status": "affected",
"version": "9.8.4.12"
},
{
"status": "affected",
"version": "9.8.4.15"
},
{
"status": "affected",
"version": "9.8.4.17"
},
{
"status": "affected",
"version": "9.8.4.25"
},
{
"status": "affected",
"version": "9.8.4.20"
},
{
"status": "affected",
"version": "9.8.4.22"
},
{
"status": "affected",
"version": "9.8.4.26"
},
{
"status": "affected",
"version": "9.8.4.29"
},
{
"status": "affected",
"version": "9.8.4.32"
},
{
"status": "affected",
"version": "9.8.4.34"
},
{
"status": "affected",
"version": "9.8.4.35"
},
{
"status": "affected",
"version": "9.8.4.39"
},
{
"status": "affected",
"version": "9.8.4.40"
},
{
"status": "affected",
"version": "9.8.4.41"
},
{
"status": "affected",
"version": "9.8.4.43"
},
{
"status": "affected",
"version": "9.8.4.44"
},
{
"status": "affected",
"version": "9.8.4.45"
},
{
"status": "affected",
"version": "9.8.4.46"
},
{
"status": "affected",
"version": "9.8.4.48"
},
{
"status": "affected",
"version": "9.12.1"
},
{
"status": "affected",
"version": "9.12.1.2"
},
{
"status": "affected",
"version": "9.12.1.3"
},
{
"status": "affected",
"version": "9.12.2"
},
{
"status": "affected",
"version": "9.12.2.5"
},
{
"status": "affected",
"version": "9.12.2.9"
},
{
"status": "affected",
"version": "9.12.3"
},
{
"status": "affected",
"version": "9.12.3.2"
},
{
"status": "affected",
"version": "9.12.3.7"
},
{
"status": "affected",
"version": "9.12.4"
},
{
"status": "affected",
"version": "9.12.3.12"
},
{
"status": "affected",
"version": "9.12.3.9"
},
{
"status": "affected",
"version": "9.12.2.1"
},
{
"status": "affected",
"version": "9.12.4.2"
},
{
"status": "affected",
"version": "9.12.4.4"
},
{
"status": "affected",
"version": "9.12.4.7"
},
{
"status": "affected",
"version": "9.12.4.10"
},
{
"status": "affected",
"version": "9.12.4.13"
},
{
"status": "affected",
"version": "9.12.4.8"
},
{
"status": "affected",
"version": "9.12.4.18"
},
{
"status": "affected",
"version": "9.12.4.24"
},
{
"status": "affected",
"version": "9.12.4.26"
},
{
"status": "affected",
"version": "9.12.4.29"
},
{
"status": "affected",
"version": "9.12.4.30"
},
{
"status": "affected",
"version": "9.12.4.35"
},
{
"status": "affected",
"version": "9.12.4.37"
},
{
"status": "affected",
"version": "9.12.4.38"
},
{
"status": "affected",
"version": "9.12.4.39"
},
{
"status": "affected",
"version": "9.12.4.40"
},
{
"status": "affected",
"version": "9.12.4.41"
},
{
"status": "affected",
"version": "9.12.4.47"
},
{
"status": "affected",
"version": "9.12.4.48"
},
{
"status": "affected",
"version": "9.12.4.50"
},
{
"status": "affected",
"version": "9.12.4.52"
},
{
"status": "affected",
"version": "9.12.4.54"
},
{
"status": "affected",
"version": "9.12.4.55"
},
{
"status": "affected",
"version": "9.12.4.56"
},
{
"status": "affected",
"version": "9.14.1"
},
{
"status": "affected",
"version": "9.14.1.10"
},
{
"status": "affected",
"version": "9.14.1.15"
},
{
"status": "affected",
"version": "9.14.1.19"
},
{
"status": "affected",
"version": "9.14.1.30"
},
{
"status": "affected",
"version": "9.14.2"
},
{
"status": "affected",
"version": "9.14.2.4"
},
{
"status": "affected",
"version": "9.14.2.8"
},
{
"status": "affected",
"version": "9.14.2.13"
},
{
"status": "affected",
"version": "9.14.2.15"
},
{
"status": "affected",
"version": "9.14.3"
},
{
"status": "affected",
"version": "9.14.3.1"
},
{
"status": "affected",
"version": "9.14.3.9"
},
{
"status": "affected",
"version": "9.14.3.11"
},
{
"status": "affected",
"version": "9.14.3.13"
},
{
"status": "affected",
"version": "9.14.3.18"
},
{
"status": "affected",
"version": "9.14.3.15"
},
{
"status": "affected",
"version": "9.14.4"
},
{
"status": "affected",
"version": "9.14.4.6"
},
{
"status": "affected",
"version": "9.14.4.7"
},
{
"status": "affected",
"version": "9.14.4.12"
},
{
"status": "affected",
"version": "9.14.4.13"
},
{
"status": "affected",
"version": "9.14.4.14"
},
{
"status": "affected",
"version": "9.14.4.15"
},
{
"status": "affected",
"version": "9.14.4.17"
},
{
"status": "affected",
"version": "9.14.4.22"
},
{
"status": "affected",
"version": "9.15.1"
},
{
"status": "affected",
"version": "9.15.1.7"
},
{
"status": "affected",
"version": "9.15.1.10"
},
{
"status": "affected",
"version": "9.15.1.15"
},
{
"status": "affected",
"version": "9.15.1.16"
},
{
"status": "affected",
"version": "9.15.1.17"
},
{
"status": "affected",
"version": "9.15.1.1"
},
{
"status": "affected",
"version": "9.15.1.21"
},
{
"status": "affected",
"version": "9.16.1"
},
{
"status": "affected",
"version": "9.16.1.28"
},
{
"status": "affected",
"version": "9.16.2"
},
{
"status": "affected",
"version": "9.16.2.3"
},
{
"status": "affected",
"version": "9.16.2.7"
},
{
"status": "affected",
"version": "9.16.2.11"
},
{
"status": "affected",
"version": "9.16.2.13"
},
{
"status": "affected",
"version": "9.16.2.14"
},
{
"status": "affected",
"version": "9.16.3"
},
{
"status": "affected",
"version": "9.16.3.3"
},
{
"status": "affected",
"version": "9.16.3.14"
},
{
"status": "affected",
"version": "9.16.3.15"
},
{
"status": "affected",
"version": "9.16.3.19"
},
{
"status": "affected",
"version": "9.16.3.23"
},
{
"status": "affected",
"version": "9.16.4"
},
{
"status": "affected",
"version": "9.16.4.9"
},
{
"status": "affected",
"version": "9.17.1"
},
{
"status": "affected",
"version": "9.17.1.7"
},
{
"status": "affected",
"version": "9.17.1.9"
},
{
"status": "affected",
"version": "9.17.1.10"
},
{
"status": "affected",
"version": "9.17.1.11"
},
{
"status": "affected",
"version": "9.17.1.13"
},
{
"status": "affected",
"version": "9.17.1.15"
},
{
"status": "affected",
"version": "9.17.1.20"
},
{
"status": "affected",
"version": "9.18.1"
},
{
"status": "affected",
"version": "9.18.1.3"
},
{
"status": "affected",
"version": "9.18.2"
},
{
"status": "affected",
"version": "9.18.2.5"
},
{
"status": "affected",
"version": "9.18.2.7"
},
{
"status": "affected",
"version": "9.18.2.8"
},
{
"status": "affected",
"version": "9.19.1"
}
]
},
{
"product": "Cisco Firepower Threat Defense Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "6.2.3"
},
{
"status": "affected",
"version": "6.2.3.1"
},
{
"status": "affected",
"version": "6.2.3.2"
},
{
"status": "affected",
"version": "6.2.3.3"
},
{
"status": "affected",
"version": "6.2.3.4"
},
{
"status": "affected",
"version": "6.2.3.5"
},
{
"status": "affected",
"version": "6.2.3.6"
},
{
"status": "affected",
"version": "6.2.3.7"
},
{
"status": "affected",
"version": "6.2.3.8"
},
{
"status": "affected",
"version": "6.2.3.10"
},
{
"status": "affected",
"version": "6.2.3.11"
},
{
"status": "affected",
"version": "6.2.3.9"
},
{
"status": "affected",
"version": "6.2.3.12"
},
{
"status": "affected",
"version": "6.2.3.13"
},
{
"status": "affected",
"version": "6.2.3.14"
},
{
"status": "affected",
"version": "6.2.3.15"
},
{
"status": "affected",
"version": "6.2.3.16"
},
{
"status": "affected",
"version": "6.2.3.17"
},
{
"status": "affected",
"version": "6.2.3.18"
},
{
"status": "affected",
"version": "6.6.0"
},
{
"status": "affected",
"version": "6.6.0.1"
},
{
"status": "affected",
"version": "6.6.1"
},
{
"status": "affected",
"version": "6.6.3"
},
{
"status": "affected",
"version": "6.6.4"
},
{
"status": "affected",
"version": "6.6.5"
},
{
"status": "affected",
"version": "6.6.5.1"
},
{
"status": "affected",
"version": "6.6.5.2"
},
{
"status": "affected",
"version": "6.6.7"
},
{
"status": "affected",
"version": "6.6.7.1"
},
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.4.0.1"
},
{
"status": "affected",
"version": "6.4.0.3"
},
{
"status": "affected",
"version": "6.4.0.2"
},
{
"status": "affected",
"version": "6.4.0.4"
},
{
"status": "affected",
"version": "6.4.0.5"
},
{
"status": "affected",
"version": "6.4.0.6"
},
{
"status": "affected",
"version": "6.4.0.7"
},
{
"status": "affected",
"version": "6.4.0.8"
},
{
"status": "affected",
"version": "6.4.0.9"
},
{
"status": "affected",
"version": "6.4.0.10"
},
{
"status": "affected",
"version": "6.4.0.11"
},
{
"status": "affected",
"version": "6.4.0.12"
},
{
"status": "affected",
"version": "6.4.0.13"
},
{
"status": "affected",
"version": "6.4.0.14"
},
{
"status": "affected",
"version": "6.4.0.15"
},
{
"status": "affected",
"version": "6.4.0.16"
},
{
"status": "affected",
"version": "6.7.0"
},
{
"status": "affected",
"version": "6.7.0.1"
},
{
"status": "affected",
"version": "6.7.0.2"
},
{
"status": "affected",
"version": "6.7.0.3"
},
{
"status": "affected",
"version": "7.0.0"
},
{
"status": "affected",
"version": "7.0.0.1"
},
{
"status": "affected",
"version": "7.0.1"
},
{
"status": "affected",
"version": "7.0.1.1"
},
{
"status": "affected",
"version": "7.0.2"
},
{
"status": "affected",
"version": "7.0.2.1"
},
{
"status": "affected",
"version": "7.0.3"
},
{
"status": "affected",
"version": "7.0.4"
},
{
"status": "affected",
"version": "7.0.5"
},
{
"status": "affected",
"version": "7.1.0"
},
{
"status": "affected",
"version": "7.1.0.1"
},
{
"status": "affected",
"version": "7.1.0.2"
},
{
"status": "affected",
"version": "7.1.0.3"
},
{
"status": "affected",
"version": "7.2.0"
},
{
"status": "affected",
"version": "7.2.0.1"
},
{
"status": "affected",
"version": "7.2.1"
},
{
"status": "affected",
"version": "7.2.2"
},
{
"status": "affected",
"version": "7.2.3"
},
{
"status": "affected",
"version": "7.3.0"
},
{
"status": "affected",
"version": "7.3.1"
},
{
"status": "affected",
"version": "7.3.1.1"
}
]
},
{
"product": "Cisco Firepower Extensible Operating System (FXOS)",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "2.2.1.63"
},
{
"status": "affected",
"version": "2.2.1.66"
},
{
"status": "affected",
"version": "2.2.1.70"
},
{
"status": "affected",
"version": "2.2.2.17"
},
{
"status": "affected",
"version": "2.2.2.19"
},
{
"status": "affected",
"version": "2.2.2.24"
},
{
"status": "affected",
"version": "2.2.2.26"
},
{
"status": "affected",
"version": "2.2.2.28"
},
{
"status": "affected",
"version": "2.2.2.54"
},
{
"status": "affected",
"version": "2.2.2.60"
},
{
"status": "affected",
"version": "2.2.2.71"
},
{
"status": "affected",
"version": "2.2.2.83"
},
{
"status": "affected",
"version": "2.2.2.86"
},
{
"status": "affected",
"version": "2.2.2.91"
},
{
"status": "affected",
"version": "2.2.2.97"
},
{
"status": "affected",
"version": "2.2.2.101"
},
{
"status": "affected",
"version": "2.2.2.137"
},
{
"status": "affected",
"version": "2.2.2.148"
},
{
"status": "affected",
"version": "2.2.2.149"
},
{
"status": "affected",
"version": "2.3.1.99"
},
{
"status": "affected",
"version": "2.3.1.93"
},
{
"status": "affected",
"version": "2.3.1.91"
},
{
"status": "affected",
"version": "2.3.1.88"
},
{
"status": "affected",
"version": "2.3.1.75"
},
{
"status": "affected",
"version": "2.3.1.73"
},
{
"status": "affected",
"version": "2.3.1.66"
},
{
"status": "affected",
"version": "2.3.1.58"
},
{
"status": "affected",
"version": "2.3.1.130"
},
{
"status": "affected",
"version": "2.3.1.111"
},
{
"status": "affected",
"version": "2.3.1.110"
},
{
"status": "affected",
"version": "2.3.1.144"
},
{
"status": "affected",
"version": "2.3.1.145"
},
{
"status": "affected",
"version": "2.3.1.155"
},
{
"status": "affected",
"version": "2.3.1.166"
},
{
"status": "affected",
"version": "2.3.1.173"
},
{
"status": "affected",
"version": "2.3.1.179"
},
{
"status": "affected",
"version": "2.3.1.180"
},
{
"status": "affected",
"version": "2.3.1.56"
},
{
"status": "affected",
"version": "2.3.1.190"
},
{
"status": "affected",
"version": "2.3.1.215"
},
{
"status": "affected",
"version": "2.3.1.216"
},
{
"status": "affected",
"version": "2.3.1.219"
},
{
"status": "affected",
"version": "2.3.1.230"
},
{
"status": "affected",
"version": "2.6.1.131"
},
{
"status": "affected",
"version": "2.6.1.157"
},
{
"status": "affected",
"version": "2.6.1.166"
},
{
"status": "affected",
"version": "2.6.1.169"
},
{
"status": "affected",
"version": "2.6.1.174"
},
{
"status": "affected",
"version": "2.6.1.187"
},
{
"status": "affected",
"version": "2.6.1.192"
},
{
"status": "affected",
"version": "2.6.1.204"
},
{
"status": "affected",
"version": "2.6.1.214"
},
{
"status": "affected",
"version": "2.6.1.224"
},
{
"status": "affected",
"version": "2.6.1.229"
},
{
"status": "affected",
"version": "2.6.1.230"
},
{
"status": "affected",
"version": "2.6.1.238"
},
{
"status": "affected",
"version": "2.6.1.239"
},
{
"status": "affected",
"version": "2.6.1.254"
},
{
"status": "affected",
"version": "2.6.1.259"
},
{
"status": "affected",
"version": "2.8.1.105"
},
{
"status": "affected",
"version": "2.8.1.125"
},
{
"status": "affected",
"version": "2.8.1.139"
},
{
"status": "affected",
"version": "2.8.1.143"
},
{
"status": "affected",
"version": "2.8.1.152"
},
{
"status": "affected",
"version": "2.8.1.162"
},
{
"status": "affected",
"version": "2.8.1.164"
},
{
"status": "affected",
"version": "2.8.1.172"
},
{
"status": "affected",
"version": "2.8.1.186"
},
{
"status": "affected",
"version": "2.8.1.190"
},
{
"status": "affected",
"version": "2.9.1.131"
},
{
"status": "affected",
"version": "2.9.1.135"
},
{
"status": "affected",
"version": "2.9.1.143"
},
{
"status": "affected",
"version": "2.9.1.150"
},
{
"status": "affected",
"version": "2.9.1.158"
},
{
"status": "affected",
"version": "2.10.1.159"
},
{
"status": "affected",
"version": "2.10.1.166"
},
{
"status": "affected",
"version": "2.10.1.179"
},
{
"status": "affected",
"version": "2.10.1.207"
},
{
"status": "affected",
"version": "2.10.1.234"
},
{
"status": "affected",
"version": "2.11.1.154"
},
{
"status": "affected",
"version": "2.11.1.182"
},
{
"status": "affected",
"version": "2.12.0.31"
},
{
"status": "affected",
"version": "2.12.0.432"
},
{
"status": "affected",
"version": "2.12.0.450"
},
{
"status": "affected",
"version": "2.13.0.198"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files.\r\n\r The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "External Control of File Name or Path",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:27.496Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-fxos-arbitrary-file-BLk6YupL",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL"
}
],
"source": {
"advisory": "cisco-sa-fxos-arbitrary-file-BLk6YupL",
"defects": [
"CSCwb91812",
"CSCwd35722",
"CSCwd05772",
"CSCwd35726"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20234",
"datePublished": "2023-08-23T18:21:02.413Z",
"dateReserved": "2022-10-27T18:47:50.369Z",
"dateUpdated": "2024-08-02T09:05:35.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.