CVE-2023-20234

Summary

CVE	CVE-2023-20234
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-08-23 19:15:00 UTC
Updated	2024-01-25 17:15:00 UTC
Description	A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.

Risk And Classification

Problem Types: CWE-732

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Firepower 1000	-	All	All	All
Hardware	Cisco	Firepower 1010	-	All	All	All
Hardware	Cisco	Firepower 1020	-	All	All	All
Hardware	Cisco	Firepower 1030	-	All	All	All
Hardware	Cisco	Firepower 1040	-	All	All	All
Hardware	Cisco	Firepower 2100	-	All	All	All
Hardware	Cisco	Firepower 2110	-	All	All	All
Hardware	Cisco	Firepower 2120	-	All	All	All
Hardware	Cisco	Firepower 2130	-	All	All	All
Hardware	Cisco	Firepower 2140	-	All	All	All
Hardware	Cisco	Firepower 4100	-	All	All	All
Hardware	Cisco	Firepower 4110	-	All	All	All
Hardware	Cisco	Firepower 4110 Next-generation Firewall	-	All	All	All
Hardware	Cisco	Firepower 4112	-	All	All	All
Hardware	Cisco	Firepower 4115	-	All	All	All
Hardware	Cisco	Firepower 4120	-	All	All	All
Hardware	Cisco	Firepower 4120 Next-generation Firewall	-	All	All	All
Hardware	Cisco	Firepower 4125	-	All	All	All
Hardware	Cisco	Firepower 4140	-	All	All	All
Hardware	Cisco	Firepower 4140 Next-generation Firewall	-	All	All	All
Hardware	Cisco	Firepower 4145	-	All	All	All
Hardware	Cisco	Firepower 4150	-	All	All	All
Hardware	Cisco	Firepower 4150 Next-generation Firewall	-	All	All	All
Hardware	Cisco	Firepower 9300	-	All	All	All
Hardware	Cisco	Firepower 9300 Security Appliance	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-24	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-36	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-40	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-44	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-44 X 3	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-48	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56	-	All	All	All
Hardware	Cisco	Firepower 9300 Sm-56 X 3	-	All	All	All
Hardware	Cisco	Firepower 9300 With 1 Sm-24 Module	-	All	All	All
Hardware	Cisco	Firepower 9300 With 1 Sm-36 Module	-	All	All	All
Hardware	Cisco	Firepower 9300 With 1 Sm-44 Module	-	All	All	All
Hardware	Cisco	Firepower 9300 With 3 Sm-44 Module	-	All	All	All
Application	Cisco	Firepower Extensible Operating System	-	All	All	All
Hardware	Cisco	Secure Firewall 3105	-	All	All	All
Hardware	Cisco	Secure Firewall 3110	-	All	All	All
Hardware	Cisco	Secure Firewall 3120	-	All	All	All
Hardware	Cisco	Secure Firewall 3130	-	All	All	All
Hardware	Cisco	Secure Firewall 3140	-	All	All	All

References

Reference	Source	Link	Tags
Cisco FXOS Software Arbitrary File Write Vulnerability	MISC	sec.cloudapps.cisco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.