CVE-2023-20048

Published: 01/11/2023 Updated: 25/01/2024
CVSS v3 Base Score: 9.9 | Impact Score: 6 | Exploitability Score: 3.1
VMScore: 0

Vulnerability Summary

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote malicious user to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the malicious user to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software.

Vulnerable Product

cisco firepower management center

Vendor Advisories

A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuratio ...
Check Point Reference: CPAI-2023-1609 | Date Published: 25 Mar 2024 | Severity: Critical ...

Exploits

Cisco Firepower Management Center suffers from an authenticated remote command execution vulnerability. Many versions spanning the 7xxx and 6xxx branches are affected ...

Github Repositories

Hi 👋, I'm Abdualhadi Khalifa. I am a passionate person and committed to success in development in the fields of technology in general, and information security in particular. I have a strong background in this field and different skills that enable me to interact in this field. I have worked on many projects in information security. And I wrote tools for me to detect vul

Cisco-Firepower-Management-Center-Exploit: CVE-2023-20048 PoC. Summary: A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to ins