Vulnerability Details : CVE-2023-20114
A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system.
Products affected by CVE-2023-20114
- Cisco » Secure Firewall Management CenterVersions from including (>=) 6.2.3 and up to, including, (<=) 6.2.3.18cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
- Cisco » Secure Firewall Management CenterVersions from including (>=) 7.1.0 and up to, including, (<=) 7.1.0.3cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
- Cisco » Secure Firewall Management CenterVersions from including (>=) 6.4.0 and up to, including, (<=) 6.4.0.16cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
- Cisco » Secure Firewall Management CenterVersions from including (>=) 7.0.0 and up to, including, (<=) 7.0.5cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
- Cisco » Secure Firewall Management CenterVersions from including (>=) 6.6.0 and up to, including, (<=) 6.6.7.1cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
- Cisco » Secure Firewall Management CenterVersions from including (>=) 7.3.0 and up to, including, (<=) 7.3.1.1cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
- Cisco » Secure Firewall Management CenterVersions from including (>=) 7.2.0 and up to, including, (<=) 7.2.3.1cpe:2.3:a:cisco:secure_firewall_management_center:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-20114
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-20114
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
2.8
|
3.6
|
Cisco Systems, Inc. |
CWE ids for CVE-2023-20114
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product allows user input to control or influence paths or file names that are used in filesystem operations.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2023-20114
-
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-download-7js4ug2J
Cisco Firepower Management Center Software Arbitrary File Download VulnerabilityVendor Advisory
Jump to