CVE-2023-20234 : A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated,

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.

Published 2023-08-23 19:15:08

Updated 2024-01-25 17:15:40

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2023-20234

Cisco » Firepower Extensible Operating System » Version: N/A
cpe:2.3:a:cisco:firepower_extensible_operating_system:-:*:*:*:*:*:*:*
Matching versions
When used together with: Cisco » Firepower 1000 » Version: N/A
When used together with: Cisco » Firepower 1010 » Version: N/A
When used together with: Cisco » Firepower 1020 » Version: N/A
When used together with: Cisco » Firepower 1030 » Version: N/A
When used together with: Cisco » Firepower 1040 » Version: N/A
When used together with: Cisco » Firepower 2100 » Version: N/A
When used together with: Cisco » Firepower 2110 » Version: N/A
When used together with: Cisco » Firepower 2120 » Version: N/A
When used together with: Cisco » Firepower 2130 » Version: N/A
When used together with: Cisco » Firepower 2140 » Version: N/A
When used together with: Cisco » Firepower 4100 » Version: N/A
When used together with: Cisco » Firepower 4110 » Version: N/A
When used together with: Cisco » Firepower 4110 Next-generation Firewall » Version: N/A
When used together with: Cisco » Firepower 4112 » Version: N/A
When used together with: Cisco » Firepower 4115 » Version: N/A
When used together with: Cisco » Firepower 4120 » Version: N/A
When used together with: Cisco » Firepower 4120 Next-generation Firewall » Version: N/A
When used together with: Cisco » Firepower 4125 » Version: N/A
When used together with: Cisco » Firepower 4140 » Version: N/A
When used together with: Cisco » Firepower 4140 Next-generation Firewall » Version: N/A
When used together with: Cisco » Firepower 4145 » Version: N/A
When used together with: Cisco » Firepower 4150 » Version: N/A
When used together with: Cisco » Firepower 4150 Next-generation Firewall » Version: N/A
When used together with: Cisco » Firepower 9300 » Version: N/A
When used together with: Cisco » Firepower 9300 Security Appliance » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-24 » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-36 » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-40 » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-44 » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-44 X 3 » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-48 » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-56 » Version: N/A
When used together with: Cisco » Firepower 9300 Sm-56 X 3 » Version: N/A
When used together with: Cisco » Firepower 9300 With 1 Sm-24 Module » Version: N/A
When used together with: Cisco » Firepower 9300 With 1 Sm-36 Module » Version: N/A
When used together with: Cisco » Firepower 9300 With 1 Sm-44 Module » Version: N/A
When used together with: Cisco » Firepower 9300 With 3 Sm-44 Module » Version: N/A
When used together with: Cisco » Secure Firewall 3105 » Version: N/A
When used together with: Cisco » Secure Firewall 3110 » Version: N/A
When used together with: Cisco » Secure Firewall 3120 » Version: N/A
When used together with: Cisco » Secure Firewall 3130 » Version: N/A
When used together with: Cisco » Secure Firewall 3140 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-20234

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-20234

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.0	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H	0.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: High
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N	0.8	3.6	Cisco Systems, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2023-20234

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Assigned by: ykramarz@cisco.com (Secondary)
CWE-732 Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-20234

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-arbitrary-file-BLk6YupL

Cisco FXOS Software Arbitrary File Write Vulnerability
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-20234

Products affected by CVE-2023-20234

Exploit prediction scoring system (EPSS) score for CVE-2023-20234

CVSS scores for CVE-2023-20234

CWE ids for CVE-2023-20234

References for CVE-2023-20234