Arbitrary File Manipulation in Cisco FXOS Software
CVE-2023-20234

6 MEDIUM

Summary

A vulnerability exists in the CLI of Cisco FXOS Software that could allow an authenticated local attacker to create or overwrite files on the filesystem of an affected device, including critical system files. This issue arises due to a lack of parameter validation during the execution of specific CLI commands. If an attacker successfully authenticates to the device with valid administrative credentials, they could exploit this vulnerability to manipulate files on the disk, potentially jeopardizing system integrity and functionality.

Affected Version(s)

Cisco Adaptive Security Appliance (ASA) Software 9.8.2

Cisco Adaptive Security Appliance (ASA) Software 9.8.2.8

Cisco Adaptive Security Appliance (ASA) Software 9.8.2.14

CVSS V3.1

Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
