CVE-2023-20015

Summary

CVE	CVE-2023-20015
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-02-23 20:15:00 UTC
Updated	2023-11-07 04:05:00 UTC
Description	A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.

Risk And Classification

Problem Types: CWE-78

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Firepower 4100	-	All	All	All
Hardware	Cisco	Firepower 4110	-	All	All	All
Hardware	Cisco	Firepower 4112	-	All	All	All
Hardware	Cisco	Firepower 4115	-	All	All	All
Hardware	Cisco	Firepower 4120	-	All	All	All
Hardware	Cisco	Firepower 4125	-	All	All	All
Hardware	Cisco	Firepower 4140	-	All	All	All
Hardware	Cisco	Firepower 4145	-	All	All	All
Hardware	Cisco	Firepower 4150	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-24	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-36	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-40	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-44	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-44 X 3	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-48	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56 X 3	-	All	All	All
Operating System	Cisco	Firepower Extensible Operating System	-	All	All	All
Operating System	Cisco	Fxos	-	All	All	All
Hardware	Cisco	Ucs 6200	-	All	All	All
Operating System	Cisco	Ucs 6200 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6248up	-	All	All	All
Operating System	Cisco	Ucs 6248up Firmware	-	All	All	All
Hardware	Cisco	Ucs 6296up	-	All	All	All
Operating System	Cisco	Ucs 6296up Firmware	-	All	All	All
Hardware	Cisco	Ucs 6300	-	All	All	All
Operating System	Cisco	Ucs 6300 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6324	-	All	All	All
Operating System	Cisco	Ucs 6324 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6332	-	All	All	All
Hardware	Cisco	Ucs 6332-16up	-	All	All	All
Operating System	Cisco	Ucs 6332-16up Firmware	-	All	All	All
Operating System	Cisco	Ucs 6332 Firmware	-	All	All	All
Hardware	Cisco	Ucs 64108	-	All	All	All
Operating System	Cisco	Ucs 64108 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6454	-	All	All	All
Operating System	Cisco	Ucs 6454 Firmware	-	All	All	All
Hardware	Cisco	Ucs 6536	-	All	All	All
Operating System	Cisco	Ucs 6536 Firmware	-	All	All	All
Application	Cisco	Ucs Central Software	All	All	All	All

References

Reference	Source	Link	Tags
Cisco Firepower 4100 Series, Firepower 9300 Security Appliances, and UCS Fabric Interconnects Command Injection Vulnerability	CISCO	sec.cloudapps.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

317299 Cisco UCS Fabric Interconnects Command Injection Vulnerability (cisco-sa-nxfp-cmdinj-XXBZjtR)