CVE-2023-20114

A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*

History

09 Nov 2023, 15:14

Type Values Removed Values Added
CWE CWE-20
First Time Cisco firepower Management Center
Cisco
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
References (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-download-7js4ug2J - (MISC) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-file-download-7js4ug2J - Vendor Advisory
CPE cpe:2.3:a:cisco:firepower_management_center:*:*:*:*:*:*:*:*

01 Nov 2023, 17:16

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-01 17:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-20114

Mitre link : CVE-2023-20114

CVE.ORG link : CVE-2023-20114


JSON object : View

Products Affected

cisco

  • firepower_management_center
CWE
CWE-20

Improper Input Validation

CWE-73

External Control of File Name or Path